[Greasemonkey] Explicit ID, Not Namespace

csaba2000 csaba2000 at yahoo.com
Mon Mar 13 10:01:50 EST 2006


Sorry if you are seeing it twice as it is a repost since the first one didn't
make it to http://mozdev.org/pipermail/greasemonkey/2006-March/thread.html
It's in reply to:
http://www.nabble.com/forum/ViewPost.jtp?post=3361013&framed=y

In regards to the exploit of Evil Person B writing a script to steal data
stored from Good Script A: Script B need not steal from Script A.  It can
just implement script A directly (presumably Person B has a copy) and just
add in his own dastardly code.  The issue is not one of Script B hijacking
Script A, but rather that of which scripts do you trust that come from the
web at large?  As has been pointed out, GM has quite a bit of leeway on your
machine, and can easily obtain passwords as you type them.

In any case (to answer the original poster wanting to share data among
multiple scripts), this capability of peering into another script's values
is straightforward:  Just give the second script the same name and
namespace.  When you install the second script, the generated filename will
be something similar (though different (even if you install the same script
twice)), but what matters is what gets written into GM's config.xml.  The
two scripts will share storage variables.  At the same time my general
reaction is that a separate @DefaultStorageID (that doesn't take @name into
account) would be a cleaner way for sharing data among multiple scripts.  I
suspect that multiple interacting scripts will become increasingly common as
page sequencing comes into vogue.

Here's an example (but I would change the +"more, " to +"less, " before
installing the second instance, so you can be sure where each is coming
from):
// ==UserScript==
// @name          delmeTest
// @namespace     delmeTest
// @description   Testing whether we can have multiple identically named
scripts
// @include       about:blank*
// ==/UserScript==

GM_setValue ("testVal", GM_getValue("firstVal","second, ")+"more, ");
alert (GM_getValue("testVal","didn't find it"));
// END FILE

Note about my @include: I've enabled GM to react to about:blank so I don't
have to write an html page to test simple user script ideas (like this one). 
You should substitute your own favorite page that GM will react to.

Csaba Gabor from Vienna
--
View this message in context: http://www.nabble.com/Explicit-ID%2C-Not-Namespace-t1183186.html#a3382334
Sent from the MozDev - greasemonkey forum at Nabble.com.



More information about the Greasemonkey mailing list