[Greasemonkey] Greasemonkey 0.4.2 - Voyager

Mark Pilgrim pilgrim at gmail.com
Thu Jul 28 11:30:39 EDT 2005


On 7/28/05, Aaron Boodman <zboogs at gmail.com> wrote:
> with (sandbox) {
>   with (unsafeWindow) {
>     with (window) {
>       // run script...
>     }
>   }
> }

I haven't installed this version yet, but doesn't this scoping chain
imply that remote page scripts could redefine GM API functions like
GM_getValue or GM_xmlhttpRequest to do something malicious?

-- 
Cheers,
-Mark


More information about the Greasemonkey mailing list