[Greasemonkey] greasemonkey for secure data over insecure
networks / sites
Mark Pilgrim
pilgrim at gmail.com
Mon Jul 18 14:47:47 EDT 2005
On 7/18/05, chris feldmann <cfeldmann at gmail.com> wrote:
> When I looked at that exploit last week it seemed the server would have to
> be @included in any script in order to read it. The GM_setValue exploit also
> @includes its own demonstration page. I'm not trying to discount the
> severity here, only asking if my understanding of the nature is correct.
> Namely, must a script open itself to the server in the @include line for
> this exploit to be viable?
That is correct. I do not currently know of any way for a remote page
to gain access to scripts that are not configured to run on that page.
--
Cheers,
-Mark
More information about the Greasemonkey
mailing list