Talk:UnsafeWindow: Difference between revisions
Latest revision as of 03:38, 11 April 2012
We should add an example of an exploit. If not running code (would be nice) for security-by-obscurity reasons, then at least explain what could happen. --195.67.240.29 17:39, 13 April 2007 (EDT)
- +1 . I've never totally understood *what* the vulnerabilities are. This is the most I've ever gotten: http://arantius.info/gm/security/gm-escalate-getter.html Arantius 12:17, 13 May 2007 (EDT)
How do I use GM_setValue safely?
I want to insert in the page an HTML element that can be used to update a preference.
My strategy for doing this is:
- add the element in the userScript, with an onclick property set to call updatePref(new_state);
- add a function to update the setting to unsafeWindow, here is the function:
  unsafeWindow.updatePref = function(state) {
      var s;
      if (state) { s = true; } else { s = false; }
      GM_setValue('pref', s);
  };
Questions:
- Is it safe?
- Is there a better way that does not involve unsafeWindow?
- You should be able to just define the method on window. So try just
function updatePref(state) { … }
--81.227.36.227 04:13, 6 May 2007 (EDT)
- Asking questions should really be done on the mailing list not the wiki. Arantius 12:17, 13 May 2007 (EDT)
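An added example, not part of the original discussion and not Greasemonkey's own code: one way to build the preference control asked about above without touching unsafeWindow, by creating the element in the userscript and attaching the handler with addEventListener. The names installPrefToggle and makeFakeEnv are hypothetical, and the fake DOM and storage are constructed stand-ins so the block also runs outside a browser.

```javascript
// Added example, not code from the wiki page. Intended for the userscript
// sandbox; nothing is assigned to unsafeWindow or to the page's window.
function installPrefToggle(doc, getValue, setValue) {
  var box = doc.createElement('input');
  box.type = 'checkbox';
  box.checked = getValue('pref', false) === true;
  // Register the handler from script rather than through an onclick=""
  // attribute, so no function has to be published for page scripts to call.
  box.addEventListener('click', function () {
    // Page scripts can still dispatch clicks at this element, so the handler
    // takes no page-supplied argument and only ever stores a strict boolean.
    setValue('pref', box.checked === true);
  }, false);
  doc.body.appendChild(box);
  return box;
}

// Constructed stand-ins for the DOM and GM storage so the example runs offline.
function makeFakeEnv() {
  var store = {};
  var doc = {
    body: { children: [], appendChild: function (n) { this.children.push(n); } },
    createElement: function (tag) {
      var handlers = [];
      return {
        tagName: tag, checked: false,
        addEventListener: function (type, fn) { handlers.push([type, fn]); },
        click: function () {           // mimic a checkbox click: toggle, then notify
          this.checked = !this.checked;
          handlers.forEach(function (h) { if (h[0] === 'click') h[1](); });
        }
      };
    }
  };
  return {
    doc: doc, store: store,
    getValue: function (k, d) { return k in store ? store[k] : d; },
    setValue: function (k, v) { store[k] = v; }
  };
}

// In a real userscript (GM_getValue / GM_setValue granted):
if (typeof GM_setValue === 'function' && typeof document !== 'undefined') {
  installPrefToggle(document, GM_getValue, GM_setValue);
}
```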
This page would be a zillion (conservative estimate) times more useful if it actually described why unsafeWindow is unsafe instead of asking us to take it on trust. I have attempted such an explanation, but it would benefit from checking by someone who knows more about it than I do, Dan 18:17, 5 September 2008 (EDT) Dan 08:02, 6 September 2008 (EDT)
@Photodeus
Careful... this is part of the API and there will be consistency here... this isn't wikipedia's style. Marti 22:45, 28 April 2009 (EDT)
Danger, danger... high voltage!
Can we supply an example of HOW exactly unsafeWindow is unsafe? It reminds me of Statistics class. If your residual plot shows non-random scattering, "proceed with caution". And exactly what does proceeding with caution entail? QED. --aavindraa 02:18, 25 August 2009 (EDT)
- Well you see... you stick the fork into the outlet and watch the pretty sparks fly! ;). As a general rule of thumb, in my circles, it's not a wise idea to teach someone to use kitchen utensils unwisely. ;) Marti 03:18, 27 August 2009 (EDT)
- Does http://groups.google.com/group/greasemonkey-dev/tree/browse_frm/thread/933ecdb307c4386d/864b5121ad4698cb give enough detail? Someone should merge info from there in here. (Yes, "someone" might include me, at a future date.) Web-Crawling Stickler 06:55, 28 February 2010 (UTC)