Talk:Location hack

From GreaseSpot Wiki
Jump to navigationJump to search

GM_eval vs. eval(s, unsafeWindow) vs. LocationHack

GM_eval() will not be implemented.

  1. The second argument of eval was removed.
  2. Running eval() in chrome scope is a very dangerous thing to do.
  3. I'm not confident that it actually worked to solve the problems that the location hack does. (I'm confident that it does not, on FF 3.0.13 on Linux. Perhaps it did in older versions, before it was removed.)

Location Hack Broken


Fromp: You are confused about what the location hack is supposed to accomplish. It's for letting a user script call into a function (for example) defined in the page. Your example which I just removed was doing the opposite. As written that example should never have worked. Arantius 12:41, 16 September 2009 (EDT)


Arantius has removed the following passage that I had added:

It is possible that the location.href code is excuted (much) later than the readout code in the following lines. This breaks the location hack. (Observed in Firefox 3.6.8)

This happened with Firefox 3.6.8 and broke the Wikipedia editor wikEd. The only work around was to poll the location hack element after having set location.href. Independent of the poll delay time the results arrives usually with the 1st or 2nd poll. I have to apply the location hack during the page loading period before the load event fires. Event triggering instead of polling was not possible because during the page loading none of the tested events fired (e.g. click) (Arantius also reverted that remark [1]). Please see the current working code and testcase below. Cacycle 00:53, 5 September 2010 (UTC)

// ==UserScript==
// @name        location hack polling
// @include     *wiki*
// ==/UserScript==

window.Polling = function() {
  if (globalNode.value != '') {
  else {
    setTimeout(Polling, 10);

window.globalNode = document.createElement('textarea'); = 'globalNode'
location.href = 'javascript:document.getElementById(\'globalNode\').value = skin; void(0);';

Alternate solution sketch for reading page scope variables

While I don't know why Arantius removed the location hack helper (even the tersest change message would be useful), I can guess that it wasn't a dependable solution.

I think some asynchronous solution might be more backwards-and-forwards compatible and dependable, even though the API is less friendly to javascript beginners, and the code size explodes. Maybe something like this (untested):

// Query page javascript for the identifier "name", and call callback(value),
// when found, or undefined, if not found or some error occurred. This works
// only for values that can be JSON serialized -- numbers, strings, booleans,
// null, or nested structures like Arrays and Objects that only contain above
// mentioned types of data.
function queryContentVar(name, callback) {
  // makes a random 20-char lowercase id
  function random() {
    var rand = ;
    while (rand.length < 20)
      rand += String.fromCharCode(97 + Math.random() * 26 | 0);
    return rand;

  // Creates a mostly anonymous <meta> tag in the <head> section, giving it a
  // secret id we'll use for messaging back and forth with content space, and
  // fires pageInit() in the page scope (to listen and respond to queries from
  // us about variables) and registers reply() for answers from it at this end.
  function privInit() {
    var node = document.createElement('meta'), secret,
        head = document.getElementsByTagName('head')[0]; = secret = random();
    node.addEventListener(id, reply, false);
    location.href = 'javascript:('+ pageInit +')('+ JSON.stringify(secret) +')';
    return node;

  // Grabs the meta tag, anonymizes it and listens for incoming queries from us.
  function pageInit(secret) {
    // Replaces given <meta content=""> with <meta content="value">
    // (after JSON encoding it) and then alerts the caller to grab the response.
    function reply() {
      var name = node.getAttribute('content'),
          mesg = document.createEvent('Events'),
      try {
        val = eval(node.getAttribute('content'));
        val = JSON.stringify(val);
      } catch(e) { val = ; }

      node.setAttribute('content', val);
      mesg.initEvent(secret, true, false);

    var node = document.getElementById(secret);
    node.addEventListener(secret + '?', reply, false);

  var self = queryContentVar,
      node = self.node = self.node || privInit(),
        id = self.secret = self.secret ||,
      mesg = document.createEvent('Events');

  mesg.initEvent(secret + '?', true, false);
  node.setAttribute('content', name);
  self.callback = callback;

  // Picks up the response from content space, decodes it, passes it on to given
  // response callback and resets everything (just in case) to handle new calls.
  function reply() {
    var cb = self.callback,
        is = node.getAttribute('content');
    if (cb) cb(is ===  ? undefined : JSON.parse(is));
    delete self.callback;

--Ecmanaut 23:58, 26 September 2010 (UTC)