[Greasemonkey] bug 11423

chris feldmann cfeldmann at gmail.com
Tue Aug 30 17:06:41 EDT 2005


On 8/30/05, Aaron Boodman <zboogs at gmail.com> wrote:
> http://bugzilla.mozdev.org/show_bug.cgi?id=11423
> 
> Discuss

To quote:

"It is now clear that the current very complicated injection system just does
not work. Multiple injections, no injections, etc. It seemed to work on my
systems, on mailing list subscribers' systems, but it does not work well in the
wild.

I am going to go back to the Sandbox() approach. The Sandbox approach is cool
because it is the most "right" way to build Greasemonkey. The downside is that
it is hella slow in 1.0.x. 

To compensate for the slowness, I will concatenate all the user scripts for a
given page together into one mega script to execute all at once. This means that
malicious user scripts could interfere with one another on 1.0.x, but I feel
that this is acceptable."

One thing that occurs to me is the possibility of "userscript arms
escalation" if it becomes useful or efficacious to exploit the
injection model within one script to the detriment of another. Then
the affected script could reply by hijacking the injection hacks of
the first and so on ad indefinitum. Sounds like fun to me.

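Added illustration, not part of the original message or of Greasemonkey's code: a plain-JavaScript model of the "mega script" trade-off quoted above, where two constructed user scripts that both declare `label` are run concatenated in one scope and then each in its own function scope. The per-script function scope and every name here (`runConcatenated`, `runIsolated`, `collidingNames`) are assumptions made for the example.

```javascript
// Constructed sample user scripts (not real Greasemonkey scripts).
const scriptA = `
function label() { return "A"; }
results.push("scriptA sees " + label());
`;
const scriptB = `
function label() { return "B"; }
results.push("scriptB sees " + label());
`;

// Model of the "mega script": all sources are joined and share one scope.
// Function declarations are hoisted, so the last `label` wins for everyone.
function runConcatenated(sources) {
  const results = [];
  new Function("results", sources.join("\n"))(results);
  return results;
}

// Assumed alternative: each source is compiled into its own function scope,
// so top-level declarations of one script are invisible to the others.
function runIsolated(sources) {
  const results = [];
  for (const src of sources) new Function("results", src)(results);
  return results;
}

// Heuristic pre-check: names declared with `function` or `var` by more than
// one script. Regex-based, so it only flags candidates for manual review.
function collidingNames(sources) {
  const firstOwner = new Map(); // name -> index of first declaring script
  const clashes = new Set();
  sources.forEach((src, i) => {
    for (const m of src.matchAll(/\b(?:function|var)\s+([A-Za-z_$][\w$]*)/g)) {
      if (!firstOwner.has(m[1])) firstOwner.set(m[1], i);
      else if (firstOwner.get(m[1]) !== i) clashes.add(m[1]);
    }
  });
  return [...clashes].sort();
}

console.log(runConcatenated([scriptA, scriptB]));
console.log(runIsolated([scriptA, scriptB]));
console.log(collidingNames([scriptA, scriptB]));
```

A per-script function scope only removes accidental name collisions; scripts still share the page's global objects, so it is not a boundary against a script that deliberately interferes with another.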

