[Greasemonkey] GM 0.6.3 and new Image()
chris feldmann
cfeldmann at gmail.com
Sun Dec 4 15:07:19 EST 2005
On 12/1/05, Aaron Boodman <zboogs at gmail.com> wrote:
> > all good. Any reason for this?
>
> Yes, Image is not a member of the IDL interfaces Window implements:
>
> http://xulplanet.com/references/objref/Window.html
>
> Because of this, it does not get reflected into XPCNativeWrapper and
> Greasemonkey can't access it.
>
> ===
>
> Warning, extremely mind-numbing technical jargon to follow... but if
> you want to know what's really going on, here it is:
>
> This is a security thing. Greasemonkey now only uses
> XPCNativeWrappers. This is good because it means that content - the
> website you're viewing - and your user script are completely isolated
> from each other. You can't see their content or functions (without
> going through unsafeWindow) and, more importantly, content can't
> see your variables or functions.
>
> This is accomplished with XPCNativeWrapper. Say you have a JavaScript
> object which is a wrapper around a C++ object which implements
> IHTMLImage and IDOMNode. Through the magic of JavaScript, a content
> script can change the meaning of appendChild (a member of IDOMNode) to
> do something other than what the original C++ instance does. This is
> the path to a bunch of attacks.
>
> XPCNativeWrapper eliminates this by going through all the members of
> all the interfaces a script object implements and creating a new
> object which accesses the real, underlying C++ class directly and
> cannot be changed by script. This means that XPCNativeWrappers always
> call the methods you think they will.
>
> Since Image() is not a member of any of the interfaces that Window
> implements, it does not get found by XPCNativeWrapper and does not
> show up for Greasemonkey.
>
> So how does it exist for content scripts, you ask?
>
> Image() is a special case (along with Option, XMLHttpRequest, etc) in
> the HTML/JavaScript/DOM code path in Mozilla where global constructors
> are simply tacked onto the global js namespace.
>
> Some of these are getting fixed, slowly, but not until 1.6 or whatever.
>
> Hope this helps, and once again, sorry about the interface changes. I
> don't expect this set to ever shrink any more, only grow.
>
> - a
Thanks for the overview, Aaron. John (and others), see also Mark's
discussion of XPCNativeWrappers and greasemonkey scripts here:
http://www.oreillynet.com/pub/a/network/2005/11/01/avoid-common-greasemonkey-pitfalls.html
It's excerpted from the first chapter of Greasemonkey Hacks. I've been
trying to cram these wrappers into my head for weeks now and it really
(finally) provided that "aha!" moment.
More or less.
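The mechanism Aaron describes above, as an added illustration that is not code from the thread, Greasemonkey or Mozilla: a plain JS class stands in for the C++ DOM object, a page script rewrites appendChild on the shared prototype, and a wrapper built only from the captured interface members (named NATIVE_METHODS here, an assumption) keeps calling the real implementation and never sees a constructor that was merely tacked onto the object.

```javascript
// Simulation of the XPCNativeWrapper idea (hypothetical names throughout).
// "Node" stands in for the native DOM class; NATIVE_METHODS plays the role of
// the IDL interface member list that the wrapper is generated from.
const NATIVE_METHODS = ['appendChild', 'childCount'];

class Node {
  constructor(name) { this.name = name; this.children = []; }
  appendChild(child) { this.children.push(child); return child; }
  childCount() { return this.children.length; }
}

// Capture the genuine implementations before any page script runs, the way the
// wrapper reaches the underlying C++ members instead of script-visible props.
const ORIGINAL = Object.fromEntries(
  NATIVE_METHODS.map((m) => [m, Node.prototype[m]]));

function makeNativeWrapper(node) {
  const wrapper = {};
  for (const m of NATIVE_METHODS) {
    // Each member is bound to the captured original; later prototype edits
    // by content cannot redirect it, and the property itself is read-only.
    Object.defineProperty(wrapper, m, {
      value: (...args) => ORIGINAL[m].apply(node, args),
      writable: false, configurable: false, enumerable: true,
    });
  }
  return Object.freeze(wrapper);
}

// Page-side tampering: appendChild is replaced on the shared prototype so that
// every unwrapped caller silently hands its child to the page instead.
function contentTampers(sink) {
  Node.prototype.appendChild = function (child) { sink.push(child); return child; };
}

// Walks through both effects and returns what each side observed.
function demo() {
  const leaked = [];
  const body = new Node('body');
  const wrapped = makeNativeWrapper(body);
  // Like Image(), a constructor tacked onto the object as a plain JS property
  // is not an interface member, so the wrapper does not expose it.
  body.Image = function () { return new Node('img'); };
  contentTampers(leaked);
  body.appendChild(new Node('a'));    // unwrapped: hits the tampered method
  wrapped.appendChild(new Node('b')); // wrapped: reaches the original
  return {
    realChildren: body.childCount(),   // 1 ('b' only)
    leaked: leaked.length,             // 1 ('a' went to the page's sink)
    imageVisible: 'Image' in wrapped,  // false
  };
}
```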