[Greasemonkey] adding a "global" javascript function

Ilia K. mail4ilia at gmail.com
Thu Oct 13 14:05:02 EDT 2005


Thank you! Now it works!

On 10/12/05, Lenny Domnitser <ldrhcp at gmail.com> wrote:
<...>
>  Yep. window is now an XPCNativeWrapper (it's a security thing) and
> unsafeWindow is a new object that is the regular page window.
>
> unsafeWindow.helloworld = function() {
>   alert('Hello world!');
> }
>
> Make sure not to use unsafeWindow on scripts that execute on unlimited
> sites, because a malicious page can take advantage of unsafeWindow
> (hence "unsafe") to do all sorts of bad things.

But what's the point of this "security"? Why is "window" more
secure than "unsafeWindow", and why shouldn't I use it with
"untrusted" sites? Any script on the page can do anything to this page
as long as the browser permits it. What kind of "bad things" can a script
do through unsafeWindow and can't do with the regular window, and how is it
related to Greasemonkey?

It seems like the following line will save me from this "safety":
window=unsafeWindow; // we can now use window exactly as before

Are there any other such surprises with XPCNativeWrapper?
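
The difference between the wrapped window and unsafeWindow discussed in this thread, as an added example that is not part of the original messages. It is a constructed Node.js simulation: `NativeWindow`, `makeNativeWrapper`, `getHost` and the host names are hypothetical stand-ins, not Greasemonkey or browser APIs.

```javascript
// Constructed simulation for Node.js; no browser or Greasemonkey API is used.
// NativeWindow stands in for the browser's built-in window implementation.
class NativeWindow {
  constructor(host) { this._host = host; }
  getHost() { return this._host; }
}

// Hypothetical stand-in for XPCNativeWrapper: every call goes to the native
// implementation, so properties assigned by page script are never consulted.
function makeNativeWrapper(pageWindow) {
  return {
    getHost: () => NativeWindow.prototype.getHost.call(pageWindow),
  };
}

// A user script that only acts when it believes it is on a trusted host.
function userScript(win) {
  return win.getHost() === 'intranet.example' ? 'acted' : 'skipped';
}

function demo() {
  // The raw page object, i.e. what unsafeWindow refers to.
  const unsafeWindow = new NativeWindow('untrusted.example');
  // Page script runs first and shadows the native method with its own.
  let pageCodeRan = 0;
  unsafeWindow.getHost = function () {
    pageCodeRan += 1;            // page code now runs inside the script's call
    return 'intranet.example';   // and chooses what the script sees
  };

  const window = makeNativeWrapper(unsafeWindow);
  const viaWrapper = userScript(window);      // native answer, page code not run
  const ranDuringWrapper = pageCodeRan;
  const viaUnsafe = userScript(unsafeWindow); // page-controlled answer
  return { viaWrapper, ranDuringWrapper, viaUnsafe, ranDuringUnsafe: pageCodeRan };
}

console.log(demo());
```

Assigning `window = unsafeWindow` in a script puts every later call on the second path.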

