[Greasemonkey] Greasemonkey Dict
Mark Pilgrim
pilgrim at gmail.com
Thu Jul 21 12:20:36 EDT 2005
On 7/21/05, Aaron Kurtz <aaron.kurtz at gmail.com> wrote:
> Would using an extension that specifically blocks all JS save a specified
> whitelist allow us to run the older versions safely? Assuming that we only
> allow trusted sites to run JS?
People! This entire thread is pointless! GM 0.3.3 and GM 0.4.0
expose *the entire contents of your hard drive* to any site you visit
on which you run *any user script* (even an entirely blank one).
There is absolutely no one in the world I would trust that much. No
one. Not my wife, not my son, not my parents. Certainly not the
owner a random IP address that a web domain happens to resolve to
today, whose identity I can't confirm without visiting the site and
exposing *the entire contents of my hard drive*.
Stop playing Whack-A-Mole. Stop thinking like an Exchange
administrator. ("Maybe I'll be safe if I put my Exchange server
behind a firewall and set up policies to deny .EXE attachments --
oops, I mean .EXE and .COM -- oops, I mean .EXE, .COM, and .PIF --
oops, forgot about screensavers...") Uninstall the *horribly
dangerously unsafe* version of Greasemonkey you're running, install
Greasemonkey 0.3.5, and disable all the wonderful API-reliant user
scripts you're so attached to. Right. Now.
--
Cheers,
-Mark
More information about the Greasemonkey
mailing list