[Greasemonkey] global storage script and security inquiry

Jeremy Dunck jdunck at gmail.com
Sat Sep 3 00:46:04 EDT 2005


On 9/2/05, Bill Donnelly <donnelly at snowcrest.net> wrote:
>   I needed some "global storage" that persists across page reloads and
> web sites for bookmarklet use, so I created a script that gives access
> to the *GM_getValue() and GM_setValue()* functions. I don't know if
> this is "bad", or not, security-wise, but I don't think it is. Let me know
> if I've missed anything. 

Most users will have the expectation that script values are private
and not accessible from content script.  You are violating that
expectation.  I personally wouldn't use a script that did that, but as
long as you're clear about it, I don't think it's an issue.  "Warning,
this is a loaded gun.  Careful!"

> I was also wondering, is the *GM_xmlhttpRequest* access the only real
> security problem that Gm opens to the world?

No, see above.  Violating user expectations is a sure way to have
security surprises.

>...then I request that there be a way to turn it off.

I think a pref to disable APIs wouldn't be too onerous, as long as the
UI didn't suck.  I don't like the idea of a pref per API func-- even 0
APIs won't protect against an evil user script, and so far, a way to
get at any API func has been a way to get at them all.  So, turn them
all off if you want to be paranoid safe, or don't if you don't.

> Other than that, Gm has the same "security issues" that regular
> non-Gm Javascript has, doesn't it?

Yes, we break the security model in novel ways.  Since GM introduces a
3rd party into what's assumed to be a 2-party security model, I'm wary
of assumptions of safety.  Do I know of any issues?  Uh, no, but that
doesn't mean much.

> Here is a bookmarklet I use these functions in. (as example) It remembers a
> regular expression that it offers as a default in a JS confirm()
> function call.

Pretty please use attachments for scripts you'd like to share.  You
make the email harder to read, the code wraps, and it's not as easy to
actually -use- the attached code.
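As an added illustration of the point made above (this is example code, not the script under discussion nor anything posted in the thread): Greasemonkey's real GM_getValue/GM_setValue only exist inside the extension sandbox, so the block below simulates the script-private store with a Map, uses a plain object as a stand-in for unsafeWindow, and contrasts the "loaded gun" bridge (raw GM functions handed to page content, so any key of any user script is readable and writable) with a hypothetical namespaced bridge (name `bookmarkletStore`, prefix handling and key checks all assumed here) that only reaches keys under one prefix. The stored values are constructed sample data.

```javascript
// Added example, not from the original thread. The extension-side store is
// simulated: every user script's values live in one Map, keyed by whatever
// string each script chose (constructed sample data).
const gmStore = new Map([
  ["secretToken", "hunter2"],          // value saved by some other user script
  ["bookmarklet.lastRegex", "^foo.*"], // value the bookmarklet legitimately uses
]);

// Stand-ins for the real Greasemonkey API (same call shape, no sandbox).
function GM_getValue(key, def) {
  return gmStore.has(key) ? gmStore.get(key) : def;
}
function GM_setValue(key, val) {
  gmStore.set(key, String(val));
}

// Stand-in for unsafeWindow, i.e. the page's own global object.
const unsafeWindow = {};

// Variant 1: the "loaded gun". Page content gets the raw functions, so it can
// read or overwrite the values of every script installed, not just its own.
function exposeRawBridge() {
  unsafeWindow.GM_getValue = GM_getValue;
  unsafeWindow.GM_setValue = GM_setValue;
}

// Variant 2 (hypothetical hardening): a frozen object whose get/set always
// prepend a fixed prefix. Page content can only name keys under that prefix,
// so other scripts' values are unreachable through this bridge.
function exposeScopedBridge(prefix) {
  const scoped = (k) => {
    if (typeof k !== "string" || k.length === 0) {
      throw new Error("key must be a non-empty string");
    }
    return prefix + "." + k;
  };
  unsafeWindow.bookmarkletStore = Object.freeze({
    get: (k, def) => GM_getValue(scoped(k), def),
    set: (k, v) => GM_setValue(scoped(k), String(v)),
  });
}

// What hostile page content can do with the raw bridge: read another
// script's value by its bare key.
function pageReadsOtherScriptsSecret() {
  return typeof unsafeWindow.GM_getValue === "function"
    ? unsafeWindow.GM_getValue("secretToken")
    : undefined;
}

// What page content can do with the scoped bridge: its own keys work, but
// asking for "secretToken" resolves to "bookmarklet.secretToken", which does
// not exist, so the other script's value is not returned.
function pageUsesScopedStore() {
  const s = unsafeWindow.bookmarkletStore;
  s.set("lastRegex", "^bar.*");
  return {
    lastRegex: s.get("lastRegex"),
    leaked: s.get("secretToken", undefined),
  };
}

// Stand-alone run: shows the leak with the raw bridge and its absence with
// the scoped one.
exposeRawBridge();
console.log("raw bridge leaks:", pageReadsOtherScriptsSecret());
exposeScopedBridge("bookmarklet");
console.log("scoped bridge:", pageUsesScopedStore());
```

The scoped variant is least privilege applied to the storage bridge: the page never holds a reference to GM_getValue or GM_setValue themselves, only to closures that fix the key prefix before calling them. It does not change the fact, noted above, that any bridge at all widens what content script can reach, so the "warning, loaded gun" caveat still applies.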

