[Greasemonkey] security: XPCNativeWrapper w. window or unsafeWindow?
Joe la Poutre
jsixpack at gmail.com
Fri Dec 2 12:23:39 EST 2005
Hi,
Much to my surprise, I discovered that I can use either window or
unsafeWindow as first arg to XPCNativeWrapper from within a userscript
(using GM 0.6.4, auto updated version).
Just wondering which one I should pick, with respect to the most
secure implementation?
Snippet:
// this is in a function called by GM_XMLHttpRequest
var dp = new XPCNativeWrapper(window, "DOMParser()"); // or unsafeWindow...
var parser = new dp.DOMParser();
// res holds the request result object.
var DOM = parser.parseFromString(res.responseText, "application/xhtml+xml");
Cheers,
Joe.
More information about the Greasemonkey
mailing list