[Greasemonkey] bug 11423
Matthias Bauer
ml-greasemonkey-42imk83y at moeffju.net
Thu Sep 1 17:39:28 EDT 2005
On 30.08.2005 23:02 Aaron Boodman wrote:
>> Can you still interfere with other people's scripts if they are in a
>>
>> (function() {
>> })()
>
> Yes. All the APIs for all the scripts will get added to the sandbox
> before the script runs. Then before each individual script runs, it's
> specific APIs get copied into the local scope.
>
> GM_xmlhttpRequest = __magicAPIs[myApis].GM_xmlhttpRequest;
> GM_log = __magicAPIs[myApis].GM_log;
> ... etc ...
>
> This means that a bad script could do this:
>
> delete __magicAPIHash.
>
> Then none of the scripts would get their APIs anymore and they
> wouldn't work. But again, a bad script can do way worse than that.
Couldn't you use a random name for the magic API hash? None of the
scripts needs to know the name anyway.
-Matt
More information about the Greasemonkey
mailing list