[Greasemonkey] Re: unsafeWindow.XmlHttpRequest in Greasemonkey
0.6.4
Aaron Boodman
zboogs at gmail.com
Thu Jan 12 15:09:44 EST 2006
Nope. The whole point of these functions is that they (usually) access
things that normal scripts cannot do. GM_log, for example, accesses
the JS console. So even if you did try to leak it, it would not run.
Which is a good thing. We do not want to give random webpages increased privs.
- a
On 1/12/06, Julien Couvreur <julien.couvreur at gmail.com> wrote:
> I have a side question to add:
> Is it possible to leak (on purpose) any GM_ function into the main page?
>
> I'm especially interested in GM_log and GM_XMLHttpRequest.
>
> Thanks,
> Julien
>
>
> On 1/12/06, Julien Couvreur <julien.couvreur at gmail.com> wrote:
> > I'm receiving a number of emails from people asking me to fix my
> > XmlHttp-related userscripts for FF1.5/GM0.6.4, so I'm trying to
> > investigate a bit more.
> >
> > I've now fixed the problem I had with unsafeWindow. It was indeed a
> > bad install. alert(unsafeWindow) now works (shows "[object
> > XPCNativeWrapper [object window]]").
> > But alert(unsafeWindow.XMLHttpRequest) is null. Is that expected? If so, why?
> >
> > Basically, I have two scripts: tracing [1] and debugging. The tracing
> > one needs to modify the prototype of the XMLHttpRequest used by the
> > page and the debugging one (which is more popular) needs to replace
> > the XMLHttpRequest constructor in the page context also.
> >
> > Any suggestions for workarounds?
> >
> > Thanks,
> > Julien
> >
> > [1] http://blog.monstuff.com/archives/images/XMLHttpRequestTracing.user.js
> > [2] http://blog.monstuff.com/archives/images/XMLHttpRequestDebugging.v1.1.user.js
> >
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
More information about the Greasemonkey
mailing list