[Greasemonkey] Safe to access variables from unsafeWindow?
Anthony Lieuallen
arantius at gmail.com
Wed Sep 6 18:14:58 EDT 2006
On 9/6/2006 4:27 PM, Henrik Nyh wrote:
> Accessing a page's functions from unsafeWindow is supposedly not safe,
> because code could travel up the call stack into the monkey; but are
> there any known security issues with accessing _variables_ from
> unsafeWindow?

Yes. Via JavaScript getters, the scope chain can be climbed. I think.
I don't quite know how to do it. But I can at least detect that it
was done:

http://arantius.info/gm-escalate-getter.html

Since I don't know how to break into GM from a function call either, I
expect that same secret would apply in either case.
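
The point about getters, as an added example that is not part of the original post or of Greasemonkey's code: a plain-looking variable read can run page-authored code, and a script can inspect the property descriptor before reading. `pageWindow`, `naiveRead`, `findDescriptor` and `readPrimitive` are hypothetical names, and `pageWindow` is a constructed stand-in for `unsafeWindow`.

```javascript
// Constructed stand-in for the page's window object (hypothetical; in a
// user script this would be unsafeWindow, which the page fully controls).
let getterCalls = 0;
const pageWindow = { plainCounter: 42, plainObject: { nested: true } };
Object.defineProperty(pageWindow, "userName", {
  // Page-authored code: it executes whenever anyone reads the "variable".
  get() { getterCalls += 1; return "alice"; },
  enumerable: true,
});

function getterCallCount() { return getterCalls; }

// What a script does when it treats the property as a plain variable.
function naiveRead(obj, name) {
  return obj[name]; // silently invokes the page's getter, if there is one
}

// Locate the descriptor on the object or its prototype chain without
// performing a property get.
function findDescriptor(obj, name) {
  for (let o = obj; o !== null; o = Object.getPrototypeOf(o)) {
    const d = Object.getOwnPropertyDescriptor(o, name);
    if (d) return d;
  }
  return undefined;
}

// Return the value only when it is a data property holding a primitive;
// accessors, objects and functions are refused instead of being touched.
function readPrimitive(obj, name) {
  const d = findDescriptor(obj, name);
  if (!d) return { ok: false, reason: "missing" };
  if ("get" in d || "set" in d) return { ok: false, reason: "accessor" };
  const v = d.value;
  if (v !== null && (typeof v === "object" || typeof v === "function")) {
    return { ok: false, reason: "non-primitive" };
  }
  return { ok: true, value: v };
}
```

This covers ordinary getters only: an object built with `Proxy` can still run page code from its descriptor and prototype traps.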