Difference between revisions of "Talk:Security tips"

From GreaseSpot Wiki
Jump to navigationJump to search
(voted -1)
m (Reverted edits by 46.17.96.204 (talk) to last revision by Arantius)
 
(7 intermediate revisions by 6 users not shown)
Line 3: Line 3:


: -1. The fact that Greasemonkey wraps scripts in an anonymous function is an irrelevant arcanum. <code>return</code> outside a function, even though it eventually ends up inside a function, is unclear. --[[User:Ldrhcp|Ldrhcp]] 18:16, 15 March 2007 (EDT)
: -1. The fact that Greasemonkey wraps scripts in an anonymous function is an irrelevant arcanum. <code>return</code> outside a function, even though it eventually ends up inside a function, is unclear. --[[User:Ldrhcp|Ldrhcp]] 18:16, 15 March 2007 (EDT)
: +-0. I made that change (the one that was undone in the linked revision). While I think that bailing early is good and needless nesting is bad, I also think perhaps the nesting way is more clear, as an example. It also fits better with the fact that you might well have additional "else if" branches. We ''could'' give two examples, but that'd probably hurt more than it'd help. --[[User:81.225.78.42|81.225.78.42]] 07:27, 20 March 2007 (EDT)
:: It's a matter of aesthetics whether nesting code is "needless" or "bad". Do it as you please in scripts, but for pedagogical purpose, especially when the nested "code" is just a one line comment, I think nesting is better. Also, there is no reason to have an "else if" block, since the purpose of the example is to narrow down the include rule, not do arbitrary logic. --[[User:Ldrhcp|Ldrhcp]] 15:49, 20 March 2007 (EDT)
----
The page suggests using &#104;ttp://, &#104;ttps:// or http*://. Is the latter in fact safe? What about <code>&#104;ttp://evil.example.com/#://</code>? --[[User:81.225.74.254|81.225.74.254]] 13:35, 1 April 2007 (EDT)
: +1 (remove the star version) [[User:Arantius|Arantius]] 00:09, 9 April 2007 (EDT)

Latest revision as of 22:17, 21 March 2012

I propose un-doing this revision. GreaseMonkey scripts always have a wrapper function. See greasemonkey.js line 250. Arantius 15:26, 15 March 2007 (EDT)

-1. The fact that Greasemonkey wraps scripts in an anonymous function is an irrelevant arcanum. return outside a function, even though it eventually ends up inside a function, is unclear. --Ldrhcp 18:16, 15 March 2007 (EDT)
+-0. I made that change (the one that was undone in the linked revision). While I think that bailing early is good and needless nesting is bad, I also think perhaps the nesting way is more clear, as an example. It also fits better with the fact that you might well have additional "else if" branches. We could give two examples, but that'd probably hurt more than it'd help. --81.225.78.42 07:27, 20 March 2007 (EDT)
It's a matter of aesthetics whether nesting code is "needless" or "bad". Do it as you please in scripts, but for pedagogical purpose, especially when the nested "code" is just a one line comment, I think nesting is better. Also, there is no reason to have an "else if" block, since the purpose of the example is to narrow down the include rule, not do arbitrary logic. --Ldrhcp 15:49, 20 March 2007 (EDT)




The page suggests using http://, https:// or http*://. Is the latter in fact safe? What about http://evil.example.com/#://? --81.225.74.254 13:35, 1 April 2007 (EDT)

+1 (remove the star version) Arantius 00:09, 9 April 2007 (EDT)