[Greasemonkey] Calling a page-defined function
esquifit
esquifit at googlemail.com
Tue Aug 15 13:22:28 EDT 2006
As far as I understand, unsafeWindow is 'only' unsafe with regard to
built-in properties and methods, like document and such; globally
page-defined objects are always inherently 'unsafe' (or, as in the case
of the Deviation object, always 'safe' since the whole functionality of the
page depends upon it). In this case it wouldn't make any difference to
directly invoke 'unsafeWindow.Deviation' instead of this hack, would it? Or
am I missing something? Could the Deviation object be built in such a form
as to detect whether it lives in the GM context, and thus potentially abuse
some GM-API or even get chrome privileges?
2006/8/14, Lenny Domnitser <ldrhcp at gmail.com>:
>
> On 8/14/06, Gary Tyler <pile0nades at gmail.com> wrote:
> > [I] don't know how to call the method
> > Deviation.zoomIn() to load the full image. I can make it work through
> > unsafeWindow but I don't want to use that as its dangerous.
>
> You can use this hack, which avoids unsafeWindow:
> location.href = 'javascript:void(Deviation.zoomIn());';
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
More information about the Greasemonkey
mailing list