[Greasemonkey] Alternative script injection technique proof of
concept
John Plsek
gm at plsek.id.au
Wed Jul 20 00:15:51 EDT 2005
Aaron Boodman wrote:
>I was all over the eval idea until I figured out that
>GM_xmlhttpRequest would still be accessible via the callstack. I think
>the sandbox approach is best because it lessens the chance of me
>screwing up and exposing some other way to access api functions.
>
>
>
Yeah, the local file access was a wakeup call!!
I'm afraid you lost me on how GM_xmlHttpRequest would still be available
... but that's OK, I'll dive into javascript and learn about
"callstack"s ;-)
As far as the sandbox goes ... bring on firefox 1.1, because I still
haven't figured out if/how evalInSandbox and the Sanbox object can be
used in ff 1.0.5
John
More information about the Greasemonkey
mailing list