[Greasemonkey] security: XPCNativeWrapper w. window or unsafeWindow?

Aaron Boodman zboogs at gmail.com
Sun Dec 4 16:03:50 EST 2005


They both work, and seem to do the right thing. So I'd prefer
"window", just to avoid unsafeWindow wherever possible.

- a

On 12/2/05, Joe la Poutre <jsixpack at gmail.com> wrote:
> Hi,
>
> Much to my surprise, I discovered that I can use either window or
> unsafeWindow as first arg to XPCNativeWrapper from within a userscript
> (using GM 0.6.4, auto updated version).
>
> Just wondering which one I should pick, with respect to the most
> secure implementation?
>
> Snippet:
>
> // this is in a function called by GM_XMLHttpRequest
> var dp = new XPCNativeWrapper(window, "DOMParser()"); // or unsafeWindow...
> var parser = new dp.DOMParser();
>
> // res holds the request result object.
> var DOM = parser.parseFromString(res.responseText, "application/xhtml+xml");
>
> Cheers,
>
> Joe.

