[Greasemonkey] global storage script and security inquiry

Jeremy Dunck jdunck at gmail.com
Sat Sep 3 09:55:49 EDT 2005


On 9/3/05, Bill Donnelly <donnelly at snowcrest.net> wrote:
> So, when you consider these "power functions" that Gm offers
> over and above "standard Javascript", the only one I see that is
> actually, obviously, "questionable" in its ability to cause bad
> things to occur, is GM_xmlhttpRequest. It seems that it is quite
> different in power and potential abuse than the others. (or any
> other 'standard JS' code in a script) Altho I admit that I'm not
> particularly well-versed in its use and ability.

You're assuming API injection works correctly, that the APIs do only
what they're intended to do, and that people aren't smarter than the
GM developers.  ;-)

And, you're proposing a pref that is specifically paranoid-- if you
want an assurance of safety, shouldn't you at least be consistently
safe?

