Talk:UnsafeWindow: Difference between revisions
From GreaseSpot Wiki
Jump to navigationJump to search
No edit summary |
|||
Line 1: | Line 1: | ||
We should add an example of an exploit. If not running code (would be nice) for security-by-obscurity reasons, then at least explain what could happen. --[[User:195.67.240.29|195.67.240.29]] 17:39, 13 April 2007 (EDT) | We should add an example of an exploit. If not running code (would be nice) for security-by-obscurity reasons, then at least explain what could happen. --[[User:195.67.240.29|195.67.240.29]] 17:39, 13 April 2007 (EDT) | ||
---- | |||
== How to do I use GM_setValue safely? == | == How to do I use GM_setValue safely? == | ||
Line 17: | Line 21: | ||
* Is it safe? | * Is it safe? | ||
* Is there a better way that does not involve unsafeWindow? | * Is there a better way that does not involve unsafeWindow? | ||
:You should be able to just define the method on <code>window</code>. So try just | :You should be able to just define the method on <code>window</code>. So try just | ||
Line 23: | Line 28: | ||
… | … | ||
} | } | ||
--[[User:81.227.36.227|81.227.36.227]] 04:13, 6 May 2007 (EDT) |
Revision as of 08:13, 6 May 2007
We should add an example of an exploit. If not running code (would be nice) for security-by-obscurity reasons, then at least explain what could happen. --195.67.240.29 17:39, 13 April 2007 (EDT)
How to do I use GM_setValue safely?
I want to insert in the page an HTML element that can be used to update a preference.
My strategy for doing this is:
- add the element in the userScript, with an onclick property set to call updatePref(new_state);
- add a function to update the setting to unsafeWindow, here is the function:
unsafeWindow.updatePref = function(state) { var s; if (state) { s = true; } else { s = false; } GM_setValue('pref', s); };
Questions:
- Is it safe?
- Is there a better way that does not involve unsafeWindow?
- You should be able to just define the method on
window
. So try just
function updatePref(state) { … }
--81.227.36.227 04:13, 6 May 2007 (EDT)