Talk:Security tips: Difference between revisions

From GreaseSpot Wiki
Jump to navigationJump to search
(http*:// safe?)
(Signed.)
Line 12: Line 12:




The page suggests using http://, https:// or http*://. Is the latter in fact safe? What about <code>http://evil.example.com/#://</code>?
The page suggests using http://, https:// or http*://. Is the latter in fact safe? What about <code>http://evil.example.com/#://</code>? --[[User:81.225.74.254|81.225.74.254]] 13:35, 1 April 2007 (EDT)

Revision as of 17:35, 1 April 2007

I propose un-doing this revision. GreaseMonkey scripts always have a wrapper function. See greasemonkey.js line 250. Arantius 15:26, 15 March 2007 (EDT)

-1. The fact that Greasemonkey wraps scripts in an anonymous function is an irrelevant arcanum. return outside a function, even though it eventually ends up inside a function, is unclear. --Ldrhcp 18:16, 15 March 2007 (EDT)
+-0. I made that change (the one that was undone in the linked revision). While I think that bailing early is good and needless nesting is bad, I also think perhaps the nesting way is more clear, as an example. It also fits better with the fact that you might well have additional "else if" branches. We could give two examples, but that'd probably hurt more than it'd help. --81.225.78.42 07:27, 20 March 2007 (EDT)
It's a matter of aesthetics whether nesting code is "needless" or "bad". Do it as you please in scripts, but for pedagogical purpose, especially when the nested "code" is just a one line comment, I think nesting is better. Also, there is no reason to have an "else if" block, since the purpose of the example is to narrow down the include rule, not do arbitrary logic. --Ldrhcp 15:49, 20 March 2007 (EDT)




The page suggests using http://, https:// or http*://. Is the latter in fact safe? What about http://evil.example.com/#://? --81.225.74.254 13:35, 1 April 2007 (EDT)