public marks

PUBLIC MARKS with tags greasemonkey & security

August 2006

June 2006

November 2005

O'Reilly Network: Avoid Common Pitfalls in Greasemonkey

by ecmanaut
Well written and detailed article on why Greasemonkey has to have its 0.5+ sandbox.

October 2005

August 2005

July 2005

Simon Willison: Understanding the Greasemonkey vulnerability

by svartling & 4 others (via)
If you have any version of Greasemonkey installed prior to 0.3.5, which was released a few hours ago, or if you are running any of the 0.4 alphas, you need to go and upgrade right now. All versions of Greasemonkey aside from 0.3.5 contain a nasty security hole, which could enable malicious web sites to read any file from your hard drive without you knowing. #

Greaseblog: Mandatory Greasemonkey Update

by digitalmonkey
"The flaw allows any website which matches at least one user script (even * scripts) to read any local file on your machine, or to list the contents of local directories".

XML.com: Secure RSS Syndication

by svartling & 10 others (via)
I have a problem. It's actually a pretty common problem. I have data that I want to syndicate to myself, but I don't want you to see it. It's private. Now this could be my credit card balance or internal bug reports for the day job. Either way, I want the information in a form suitable for syndication but not available to everyone.

March 2005

Cross-domain XMLHttpRequest via Greasemonkey

by François Hodierne
Jeremy Dunck points out that Aaron Boodman has posted a patch to the Greasemonkey mailing list which allows the XMLHttpRequest object to reach across domains.

Active users

kemar
last mark : 23/08/2006 11:13

4004
last mark : 15/06/2006 21:56

ecmanaut
last mark : 14/11/2005 04:32

macroron
last mark : 22/10/2005 20:31

digitalmonkey
last mark : 15/08/2005 11:35

François Hodierne
last mark : 28/07/2005 22:44

Hydragon
last mark : 21/07/2005 03:32

svartling
last mark : 20/07/2005 19:01