[Greasemonkey] Another Attack?
Aaron Boodman
zboogs at gmail.com
Fri May 6 14:19:47 EDT 2005
> >A script could redefine the window properties and all subsequently
> >injected scripts would be affected. This is easy to fix by simply
> >redefining the window properties for each iteration. Thanks for making
> >me think of it!
> >
> >
> If I'm reading this correctly ... you're going to reset *all* window
> properties ...
Well, let's just say that I wrote it poorly :-).
That's not what I meant at all. What I was trying to say was that a
user script could do this:
window.__gmXMLHttpRequest = function() { /* evil stuff here */ }
When the next script is injected, their copy of GM_xmlhttpRequest will
be referencing the evil function. This is easily solved by simply
resetting the window.__gm* properties before each script is injected.
You may want to review the init code in browser.xul if you're
unfamiliar with how all this is hacked together.
--
Aaron
More information about the Greasemonkey
mailing list