Talk:UnsafeWindow

From GreaseSpot Wiki
Revision as of 15:38, 13 January 2012 by Arantius (talk | contribs) (Reverted edits by 94.27.115.150 (talk) to last revision by Arantius)

We should add an example of an exploit. If not running code (would be nice) for security-by-obscurity reasons, then at least explain what could happen. --195.67.240.29 17:39, 13 April 2007 (EDT)

+1. I've never totally understood *what* the vulnerabilities are. This is the most I've ever gotten: http://arantius.info/gm/security/gm-escalate-getter.html Arantius 12:17, 13 May 2007 (EDT)


How do I use GM_setValue safely?

I want to insert in the page an HTML element that can be used to update a preference.

My strategy for doing this is:

  • add the element in the userScript, with an onclick property set to call updatePref(new_state);
  • add a function to update the setting to unsafeWindow, here is the function:
	unsafeWindow.updatePref = function(state) {
		var s;
		if (state) { s = true; } else { s = false; }
		GM_setValue('pref', s);
	};

Questions:

  • Is it safe?
  • Is there a better way that does not involve unsafeWindow?


You should be able to just define the method on window. So try just
function updatePref(state) {
  …
}

--81.227.36.227 04:13, 6 May 2007 (EDT)

Asking questions should really be done on the mailing list not the wiki. Arantius 12:17, 13 May 2007 (EDT)
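
Editor's added example for the question above (not code from any participant or from the Greasemonkey project): the element is built and its listener attached from the user script's own scope, so no function is placed on unsafeWindow and the page has nothing to call. The helper name installPrefToggle and the element id are hypothetical; GM_setValue and GM_getValue are assumed to be granted to the script.

```javascript
// Added example: update a stored preference from an injected control
// without exposing any function to the page through unsafeWindow.
// installPrefToggle and 'gm-pref-toggle' are hypothetical names.
function installPrefToggle(doc, setValue, getValue) {
  var box = doc.createElement('input');
  box.type = 'checkbox';
  box.id = 'gm-pref-toggle';
  // Reflect the currently stored value; default to false when unset.
  box.checked = getValue('pref', false) === true;

  // The handler is a closure in the script's scope. The page can see the
  // element in its DOM, but it never receives a reference to this function.
  box.addEventListener('change', function (event) {
    // Events dispatched by page script have isTrusted === false;
    // only genuine user input is allowed to change the preference.
    if (!event.isTrusted) { return; }
    // Store a strict boolean, never a value the page could have shaped.
    setValue('pref', box.checked === true);
  }, false);

  doc.body.appendChild(box);
  return box;
}

// Inside a user script the real DOM and GM_* functions are passed in.
if (typeof document !== 'undefined' && typeof GM_setValue === 'function') {
  installPrefToggle(document, GM_setValue, GM_getValue);
}
```

Page script can still read or restyle the checkbox because it lives in the page's DOM, so the stored value should stay limited to this boolean.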

This page would be a zillion (conservative estimate) times more useful if it actually described why unsafeWindow is unsafe instead of asking us to take it on trust. I have attempted such an explanation, but it would benefit from checking by someone who knows more about it than I do, Dan 18:17, 5 September 2008 (EDT) Dan 08:02, 6 September 2008 (EDT)


@Photodeus Careful... this is part of the API and there will be consistency here... this isn't wikipedia's style. Marti 22:45, 28 April 2009 (EDT)

Danger, danger... high voltage!

Can we supply an example of HOW exactly unsafeWindow is unsafe? It reminds me of Statistics class. If your residual plot shows non-random scattering, "proceed with caution". And exactly what does proceeding with caution entail? QED. --aavindraa 02:18, 25 August 2009 (EDT)

Well you see... you stick the fork into the outlet and watch the pretty sparks fly! ;). As a general rule of thumb, in my circles, it's not a wise idea to teach someone to use kitchen utensils unwisely. ;) Marti 03:18, 27 August 2009 (EDT)

Does http://groups.google.com/group/greasemonkey-dev/tree/browse_frm/thread/933ecdb307c4386d/864b5121ad4698cb give enough detail? Someone should merge info from there in here. (Yes, "someone" might include me, at a future date.) Web-Crawling Stickler 06:55, 28 February 2010 (UTC)