[Greasemonkey] Greasemonkey 0.6.6

Aaron Boodman zboogs at gmail.com
Sun Oct 8 17:39:20 PDT 2006


So here is a trial run of gm 0.6.6.

The main change here (besides FF 2.0 compatibility) is that I updated
the install script UI to be a little bit more friendly to novice users
and also to fix a few security problems.

When you click a link to a user script now (or otherwise load one), a
dialog like the extension install dialog pops up. This dialog shows
you the script title, the includes and excludes, and the description.
You also get a button to show the source if you want.

I think that this makes script installation a little bit more
friendly. It also should address these two problems:

1. Timing attacks on the install button. Before, since a single click
installs a script and the button is using area that is usually the
content's, you could do something where you put a button like:

[double click here for a neat surprise!]

On the first click, you do location.href='evil.user.js' which causes
the install banner to come up, and the user just installed a user
script they didn't mean to.


2. Counting attack on the install button. Since GM downloaded the
script twice during the install process -- once to display to the user
and once to actually install, it was possible to show the user
something different than what they actually ended up installing.


Let me know what you think,

- a
-------------- next part --------------
A non-text attachment was scrubbed...
Name: greasemonkey-0.6.6.20061008.0.xpi
Type: application/x-xpinstall
Size: 51730 bytes
Desc: not available
Url : http://mozdev.org/pipermail/greasemonkey/attachments/20061008/70731bce/attachment-0002.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0.6.6.diff
Type: text/x-patch
Size: 22885 bytes
Desc: not available
Url : http://mozdev.org/pipermail/greasemonkey/attachments/20061008/70731bce/attachment-0003.bin 
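
The second problem described in the message above (two downloads, one shown and one installed), as an added example that is not part of the original post and is not Greasemonkey's own code. It simulates both install flows in memory; all function names, the sample scripts and the example.org URL are constructed for illustration.

```javascript
// Constructed stand-in for a server whose reply depends on the request count.
function makeCountingServer(first, later) {
  let hits = 0;
  return { fetch: (url) => (hits++ === 0 ? first : later), hits: () => hits };
}

// Parse the ==UserScript== metadata block that the install dialog displays.
function parseMetadata(source) {
  const meta = { name: null, description: null, includes: [], excludes: [] };
  const block = /\/\/ ==UserScript==([\s\S]*?)\/\/ ==\/UserScript==/.exec(source);
  if (!block) return meta;
  for (const line of block[1].split("\n")) {
    const m = /^\s*\/\/\s*@(\w+)\s+(.+?)\s*$/.exec(line);
    if (!m) continue;
    if (m[1] === "include") meta.includes.push(m[2]);
    else if (m[1] === "exclude") meta.excludes.push(m[2]);
    else if (m[1] === "name" || m[1] === "description") meta[m[1]] = m[2];
  }
  return meta;
}

// Flawed flow from the post: one download to display, a second one to install.
function installWithTwoDownloads(server, url) {
  const shown = parseMetadata(server.fetch(url));
  const installed = server.fetch(url);
  return { shown, installed };
}

// Hardened flow: download once and install exactly the bytes that were shown.
function installWithOneDownload(server, url) {
  const source = server.fetch(url);
  return { shown: parseMetadata(source), installed: source };
}

// Constructed sample scripts: the later copy widens @include and changes the body.
const REVIEWED = [
  "// ==UserScript==",
  "// @name        Link Tidy",
  "// @description Removes tracking parameters",
  "// @include     http://example.org/*",
  "// ==/UserScript==",
  "/* reviewed body */",
].join("\n");
const SWAPPED = REVIEWED.replace("http://example.org/*", "*").replace("reviewed", "different");

// Run one install flow and compare what the dialog showed with what was installed.
function demo(install) {
  const r = install(makeCountingServer(REVIEWED, SWAPPED), "http://example.org/tidy.user.js");
  return { shown: r.shown.includes.join(), installed: parseMetadata(r.installed).includes.join() };
}
```

Calling demo(installWithTwoDownloads) returns different shown and installed include lists, while demo(installWithOneDownload) returns the same list for both.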

