[Greasemonkey] bug 11423
Mor Roses
moroses at gmail.com
Wed Aug 31 08:56:40 EDT 2005
Is'nt GM 0.5 uses the Sandbox approach?
if it is'nt then what is it?
On 8/30/05, chris feldmann <cfeldmann at gmail.com> wrote:
>
> On 8/30/05, Aaron Boodman <zboogs at gmail.com> wrote:
> > http://bugzilla.mozdev.org/show_bug.cgi?id=11423
> >
> > Discuss
> To quote:
>
> "It is now clear that the current very complicated injection system
> just does not
> work. Multiple injections, no injections, etc. It seemed to work on my
> systems,
> on mailing list subscribers systems, but it does not work well in the
> wild.
>
> I am going to go back to the Sandbox() approach. The Sandbox approach is
> cool
> because it is the most "right" way to build Greasemonkey. The downside is
> that
> it is hella slow in 1.0.x.
>
> To compensate for the slowness, I will concatenate all the user scripts
> for a
> given page together into one mega script to execute all at once. This
> means that
> malicious user scripts could interfere with one another on 1.0.x, but I
> feel
> that this is acceptable."
>
> One thing that occurs to me is the possibility of "userscript arms
> escalation" if it becomes useful or efficacious to exploit the
> injection model within one script to the detriment of another. Then
> the affected script could reply by hijacking the injection hacks of
> the first and so on ad indefinitum. Sounds like fun to me.
>
> > _______________________________________________
> > Greasemonkey mailing list
> > Greasemonkey at mozdev.org
> > http://mozdev.org/mailman/listinfo/greasemonkey
> >
>
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
>
>
More information about the Greasemonkey
mailing list