[Greasemonkey] bug 11423
Adam Judson
adamsplugins at gmail.com
Tue Aug 30 17:15:20 EDT 2005
So which version uses/used the sandbox approach?
A
On 30/08/05, chris feldmann <cfeldmann at gmail.com> wrote:
> On 8/30/05, Aaron Boodman <zboogs at gmail.com> wrote:
> > http://bugzilla.mozdev.org/show_bug.cgi?id=11423
> >
> > Discuss
> To quote:
>
> "It is now clear that the current very complicated injection system
> just does not
> work. Multiple injections, no injections, etc. It seemed to work on my systems,
> on mailing list subscribers systems, but it does not work well in the wild.
>
> I am going to go back to the Sandbox() approach. The Sandbox approach is cool
> because it is the most "right" way to build Greasemonkey. The downside is that
> it is hella slow in 1.0.x.
>
> To compensate for the slowness, I will concatenate all the user scripts for a
> given page together into one mega script to execute all at once. This means that
> malicious user scripts could interfere with one another on 1.0.x, but I feel
> that this is acceptable."
>
> One thing that occurs to me is the possibility of "userscript arms
> escalation" if it becomes useful or efficacious to exploit the
> injection model within one script to the detriment of another. Then
> the affected script could reply by hijacking the injection hacks of
> the first and so on ad indefinitum. Sounds like fun to me.
>
> > _______________________________________________
> > Greasemonkey mailing list
> > Greasemonkey at mozdev.org
> > http://mozdev.org/mailman/listinfo/greasemonkey
> >
>
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
>
>
More information about the Greasemonkey
mailing list