Talk:UnsafeWindow: Difference between revisions

From GreaseSpot Wiki
Jump to navigationJump to search
Marti (talk | contribs)
m Undo lowercase
Dan (talk | contribs)
No edit summary
Line 32: Line 32:


: Asking questions should really be done on the [[mailing list]] not the wiki.  [[User:Arantius|Arantius]] 12:17, 13 May 2007 (EDT)
: Asking questions should really be done on the [[mailing list]] not the wiki.  [[User:Arantius|Arantius]] 12:17, 13 May 2007 (EDT)
This page would be a zillion (conservative estimate) times more useful if it actually described why unsafeWindow is unsafe instead of asking us to take it on trust.  Even a pointer to an explanation elsewhere, [[User:Dan|Dan]] 18:17, 5 September 2008 (EDT)

Revision as of 22:17, 5 September 2008

We should add an example of an exploit. If not running code (would be nice) for security-by-obscurity reasons, then at least explain what could happen. --195.67.240.29 17:39, 13 April 2007 (EDT)

+1 . I've never totally understood *what* the vulnerabilities are. This is the most I've ever gotten: http://arantius.info/gm/security/gm-escalate-getter.html Arantius 12:17, 13 May 2007 (EDT)


How to do I use GM_setValue safely?

I want to insert in the page an HTML element that can be used to update a preference.

My strategy for doing this is:

  • add the element in the userScript, with an onclick property set to call updatePref(new_state);
  • add a function to update the setting to unsafeWindow, here is the function:
	unsafeWindow.updatePref = function(state) {
		var s;
		if (state) { s = true; } else { s = false; }
		GM_setValue('pref', s);
	};

Questions:

  • Is it safe?
  • Is there a better way that does not involve unsafeWindow?


You should be able to just define the method on window. So try just
function updatePref(state) {
  …
}

--81.227.36.227 04:13, 6 May 2007 (EDT)

Asking questions should really be done on the mailing list not the wiki. Arantius 12:17, 13 May 2007 (EDT)

This page would be a zillion (conservative estimate) times more useful if it actually described why unsafeWindow is unsafe instead of asking us to take it on trust. Even a pointer to an explanation elsewhere, Dan 18:17, 5 September 2008 (EDT)