[Greasemonkey] Greasemonkey 0.4.1 (The Next Generation)

Brendan Crosser-McGay verifex at gmail.com
Tue Jul 26 14:11:22 EDT 2005

Okay, I'm about to install it, but I had a question. You managed to close 
all the security holes, yet you said user scripts are still not to be 
considered secure from content. I'm not sure I understand. Do you mean user 
scripts should not be considered secure, just in general (as I perfectly 
understand), or they should not be considered secure because content can 
finagle its way into just the right place to start hijacking userscripts 
using standard DOM functions?

I guess without actually writing a script to do this I shouldn't really say 
anything, but I'm not sure I trust my ability to debug something like this 
yet. If I were to write a function that sends data via the GML_httpxml 
request, invariably I'm going to be inserting some element of the current 
page into that request (à la the Burro script). Is it possible that a 
GM-aware-and-hostile-content-side script could manage to put a hook into all 
DOM functions that lets it inject whatever it wants into any GM functions, 
as long as the GM userscript uses some DOM function to gather that data?


On 7/26/05, chris feldmann <cfeldmann at gmail.com> wrote:
> Thanks for the hard work. I've been having to use the regular old internet 
> for days now!
> On 7/26/05, Aaron Boodman <zboogs at gmail.com> wrote:
> > 
> > > Instead of calling window.location's setter, line 4 creates a local 
> > > variable, like justSomeVariable.
> > 
> > I see. It seems like with (window) at the top level would fix this.
> > I'll give it a try.
> > _______________________________________________
> > Greasemonkey mailing list
> > Greasemonkey at mozdev.org
> > http://mozdev.org/mailman/listinfo/greasemonkey
> > 
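
One way a user script can limit the exposure raised in the question above, as an added example that is not part of the original post or of Greasemonkey itself. It does not settle whether content can hook DOM functions in a given Greasemonkey version; it assumes the worst case (whatever the DOM returns is chosen by the page) and validates that value before it reaches a privileged request. `ENDPOINT`, `buildLookupUrl`, `lookupUrlFor`, the ISBN field and the stand-in documents are hypothetical and constructed for illustration.

```javascript
// Added example: treat anything read from the page as untrusted input
// before it is placed into a privileged cross-origin request.

// Placeholder destination: fixed by the user script, never taken from the page.
const ENDPOINT = "https://lookup.example/price";

// Accept only the exact shape the script expects (assumed here: ISBN-10 or ISBN-13).
const ISBN_RE = /^(?:\d{9}[\dX]|\d{13})$/;

function buildLookupUrl(pageValue) {
  // Require a primitive string. An object with a custom toString() could
  // yield one value when checked and another when used, so it is rejected.
  if (typeof pageValue !== "string") return null;
  const candidate = pageValue.replace(/[\s-]/g, "");
  if (!ISBN_RE.test(candidate)) return null;
  // Encode even after validation so the value can only ever be one parameter.
  return ENDPOINT + "?isbn=" + encodeURIComponent(candidate);
}

function lookupUrlFor(doc) {
  const node = doc.getElementById("isbn");
  return buildLookupUrl(node ? node.textContent : null);
}

// Constructed stand-ins for a page's document object (not real DOM).
const honestDoc = {
  getElementById: () => ({ textContent: "0-306-40615-2" }),
};
// The page has replaced the lookup so it returns extra request parameters.
const hookedDoc = {
  getElementById: () => ({ textContent: "0306406152&redirect=https://other.example/" }),
};
// The page returns an object that stringifies differently on each read.
let reads = 0;
const shiftingDoc = {
  getElementById: () => ({
    textContent: { toString: () => (reads++ ? "x&y=1" : "0306406152") },
  }),
};

console.log(lookupUrlFor(honestDoc));
console.log(lookupUrlFor(hookedDoc));
console.log(lookupUrlFor(shiftingDoc));
```

A `null` result means the script skips the request entirely instead of forwarding whatever the page supplied.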