[Greasemonkey] Greasemonkey-imports cvs head 08-Jan 06
Aaron Boodman
zboogs at gmail.com
Mon Jan 9 00:21:52 EST 2006
So I've been thinking about this more, and my only issue is the
trustworthiness and stability of the URLs linked to.
So for example, you link to foo.com/script and it changes hands. Or
somebody hacks the local machine, or DNS or whatever, to make that
resolve to something evil.
One way to protect against this is to support an (optional?) sha1 hash
of the target file. So something like:
@import http://mochikit.com/v1.1/mochikit1.1.js
4ed56c1..<rest-of-hash-here>...
Another way would be to allow a simple package format (jar). Perhaps both?
- a
On 1/8/06, Gareth Andrew <freega at freegarethandrew.org> wrote:
> Hi all,
>
> Attached is a patch for greasemonkey imports updated to reflect the
> changes in cvs head. I've moved imports downloader into its own file
> so there are two attachments, a diff and importsdownloader.js
>
> Gareth.
>
>
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
>
>
>
More information about the Greasemonkey
mailing list