[Greasemonkey] GM 0.6.2 no workie

Aaron Boodman zboogs at gmail.com
Tue Nov 29 11:28:08 EST 2005 

Oh, and the salient bit of information:

I will set a deadline on doing something (as a last resort shipping
without xml-extras or __proto__) for 1 wk after 1.5 shipping. Is that
cool?

- a

On 11/29/05, Aaron Boodman <zboogs at gmail.com> wrote:
> Basically the story is this:
>
> There's a bit in greasemonkey.js which sets the __proto__ of the
> sandbox to an XPCNativeWrapper around window. What this does it make
> it so that lookups for global js variables in the content window fail
> and unqualified properties of window (such as "location" or
> "navigator") go to the safe versions instead of the unsafe ones.
>
> Unfortunately, it makes all the global names from the xml-extras
> package, including XMLHttpRequest, XMLDocument, XPathResult, etc
> inaccessible as well. Simple enums and constants, like XPathResult can
> be copied from another window (for example the hidden window), or you
> can just use the nsIXPathResults interface. But complex objects, like
> XMLHttpRequest fail with permissions errors when you try to use
> instances from some other context.
>
> The most well-known scripts I have seen to fail here is gmail preview
> pane, because it uses XMLHttpRequest.
>
> So my options right now are:
>
> * Find some way I didn't think of to make this work. I'm meeting with
> the Mozilla people today to ask them about this.
>
> * Emulate XMLHttpRequest with GM_xmlhttpRequest. This will fix scripts
> who rely on basic XMLHttpRequest functionality, but will fail for
> scripts which use anything advanced which cannot be emulated (like
> getResponseHeader() or server push). It will also not fix any of the
> other less-commonly used xmlextras objects, which people might
> sometimes reach for and be surprised to not find.
>
> * Ship without xml-extras support. Authors could still make requests
> using GM_xmlhttpRequest and xpath searches using document.evaluate().
> They wouldn't be able to construct new XMLDocuments or use lower-level
> xpath interfaces, but I don't know of anyone doing that in
> Greasemonkey right now.
>
> * Ship without __proto__ = xpcnw(window). This would mean that
> window.location, window.navigator, etc are all less secure.
>
>
> Opinions welcome!
>
> - a
>
> On 11/29/05, Anthony Lieuallen <arantius at gmail.com> wrote:
> > I've had multiple users contact me that in FF 1.5 RC3, scripts (that I
> > wrote) did not work with GM 0.6.2.  I pointed them to the 0.6.3 in the
> > list archives, and all have reported that things now worked.
> > There's probably a more official release of GM planned now that FF 1.5
> > is due so soon, but I'm wondering what and when?
> > _______________________________________________
> > Greasemonkey mailing list
> > Greasemonkey at mozdev.org
> > http://mozdev.org/mailman/listinfo/greasemonkey
> >
>

More information about the Greasemonkey mailing list