[Greasemonkey] greasemonkey for secure data over insecure
networks / sites
Godmar Back
godmar at gmail.com
Tue Jul 19 03:16:43 EDT 2005
Also, it would be good if you could summarize guidelines for GM script
writers that outline the current model, akin to this page:
http://developer-test.mozilla.org/en/docs/Safely_accessing_content_DOM_from_chrome
- Godmar
On 7/19/05, Aaron Boodman <zboogs at gmail.com> wrote:
> No,
>
> User scripts always have access to GM_xmlhttpRequest - no matter when
> they execute - because they are in their global scope.
>
> Content does not have access to GM_xmlhttpRequest because
> GM_xmlhttpRequeset is not on content's global scope.
>
> Maybe you're confusing scope and security context. The global scope of
> content is the window object -- that's why content can call alert( )
> instead of window.alert( ) and it works.
>
> The global scope for our user scripts will be a new object who's
> prototype is the content window. But that object will also have some
> new properties, GM_xmlhttpRequest is one of them. But that new object
> is not in content's scope chain at all.
>
>
> --
> Aaron
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
More information about the Greasemonkey
mailing list