[Greasemonkey] Problems with greasemonkey suggest

Jeremy Dunck jdunck at gmail.com
Mon Apr 17 08:59:35 EDT 2006 

On 4/17/06, affzedeluis kraxxi <affzedelius at hotmail.com> wrote:
> Thanks for answering. I'm pretty new to this so I don't understand all what
> you told me. What is GM_xhr? I have opened the script file and founded this:

GM_xmlhttpRequest allows you to do cross-domain HTTP requests, which
is what you're trying to do by requesting from google.com when
visiting g4g.org.  It's an API that Greasemonkey gives to user scripts
which isn't available to normal page content.  Cross-domain scripting
is a security issue-- Greasemonkey user scripts have more trust and
power than page content scripts because of these APIs.

details:
http://diveintogreasemonkey.org/api/gm_xmlhttprequest.html

> s.src = 'http://www.google.com/ac.js';
>
> Am I suppose to change this URL to something else?

Not exactly.  You'd call GM_xhr and create a script element when you
get the results of that call, placing the response into the script
element rather than referencing the other domain.

GM_xmlhttpRequest({
 method:'GET',
 url:'http://www.google.com/ac.js',
 onload:function(details) {
   if (details.status == '200') {
     //create and append script element here.
   }
 }
}

> You said something about "place the contents of ac.js
> within the script tag".

Yeah, so instead of creating this:
<script src="http://foo.com/x.js"></script>
where x.js is "alert('hi')"
you'd create this:
<script>alert('hi')</script>

Or, scriptily, given:
    var s = document.createElement('script');
instead of this:
    s.src = 'http://www.google.com/ac.js';
you'd call GM_xhr and do this with the response details:
    s.appendChild(document.createTextNode(details.responseText));


> Excuse my bad  knowledge. I would really appreciate if someone can help me
> to understand this.

You should know that user scripts are more trusted than page scripts,
and because of the power they have, can be a security concern.  You
shouldn't install scripts you don't understand.  This is the same as
any other arbitrary program or extension.  You shouldn't install
without some assurance that it is benign.  I could have written the
script to capture your google account information if I was a bad
monkey.

If you just need to get familiar with Greasemonkey, Dive into
Greasemonkey is dandy:
http://diveintogreasemonkey.org/
and if you would like ideas for how to use GM, Greasemonkey Hacks is nice:
http://www.amazon.com/exec/obidos/ASIN/0596101651/ref%3Dnosim/diveintomark20

And if you need basic JS references, there are tons of them, but these are nice:
JS: The Definitive Guide:
  http://www.amazon.com/gp/product/0596000480/
DHTML Utopia:
  http://www.amazon.com/gp/product/0957921896/

More information about the Greasemonkey mailing list