[Greasemonkey] bug 11423
Roderick McGuire
mcguire at telerama.com
Tue Aug 30 17:53:03 EDT 2005
chris feldmann wrote:
> On 8/30/05, Aaron Boodman <zboogs at gmail.com> wrote:
>
>>http://bugzilla.mozdev.org/show_bug.cgi?id=11423
>>
>>Discuss
>
> To quote:
>
...
> To compensate for the slowness, I will concatenate all the user scripts for a
> given page together into one mega script to execute all at once. This means that
> malicious user scripts could interfere with one another on 1.0.x, but I feel
> that this is acceptable."
>
> One thing that occurs to me is the possibility of "userscript arms
> escalation" if it becomes useful or efficacious to exploit the
> injection model within one script to the detriment of another. Then
> the affected script could reply by hijacking the injection hacks of
> the first and so on ad indefinitum. Sounds like fun to me.
There is the real problem that some user scripts are incompatible with
other ones, particularly those that hack the DOM.
Maybe there needs to be a way for a script to tell what other scripts
are installed/active and complain to user for known problems. This may
give Joe Average User a clue about why some installed script doesn't work.
I'm working on a major script with a lot of DOM changes. For now it
won't perform any changes (except add a small command panel) until the
user explicitly uses the panel to to tell it to. So maybe there needs to
be a 3rd category: installed/active/activated.
Or does making a script active act ex-post-facto on a page that has
already been loaded?
More information about the Greasemonkey
mailing list