New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFE: a shared object among user-scripts #1278
Comments
Can you be more specific about what you mean by "Since SHA: 6a4ffd5 commited"? Can you provide a reduced test case demonstrating that this approach worked in some released version of Greasemonkey? |
Sorry, I missed creating link. Test scripts are here https://gist.github.com/809658 until version 0.9, can get |
See also: |
Teramako, I see and share your point of view. In addition to that, I think that if the sharing of the window is maintained in the same fashion that exist before, there is no risk for scripts. If the scripts want to communicate one each other, they will use window properties. If the scripts don't want to communicate one each other, they don't have to do anything special... |
If the chance exists, in any fashion, that is pointed out in #1258 of any kind of exploit on the GM API or an Authors code then I vote a -1 to restore the original method that was removed in GM 0.9.x. If there is the possibility utilizing some metadata key, say the @namespace (since it does not have to be unique by itself but in combination with @name), then I would be +1 for something along these lines provisionally. |
Also, it could be possible to support these communication using GM_get/setValue. GM_setValue can have another parameter that denotes if the stored data must be shared or not. Example:
I am just giving ideas to support desirable communication between scripts. |
I've designed an example to illustrate the possible dangers of allowing scripts to share objects via expando properties on the window object. Use GM 0.9.0 or earlier(I used 0.8.6) to test these scripts. The order in which the scripts are executed makes no difference in my example. My first script is merely a non-malicious script that carelessly assigns two functions as properties of the window object. This example is not unreasonable, since many users are likely unaware that doing so will share these functions with all scripts that are installed. My second script is an example of a malicious script that is designed to target my first script. A real attacker is unlikely to make his intentions so obvious and could use various means to obfuscate the code. The code doesn't even have to be included in the script. It could be in an @require or loaded via xhr at run-time and evaled. The malicious script uses the functions of the first script in order to get itself access to the global of that script. Once it has done this it has access to all the GM api functions of that script. It could corrupt all the functions and make the script unusable. It could listen in on GM_xhr request, logging the information for itself and submitting to a remote server. It could even get any information the script might have stored in In my opinion, letting scripts share objects via expando properties on the window object is completely unsafe because all scripts will have access to these objects. Many users many not be aware that these properties are shared between scripts and may therefore carelessly add functions that can be exploited, which I have shown is entirely possible. |
So: A) *etValue is not a communication mechanism. If such a mechanism is built, it should probably not be layered there. As described, I'm seeing that with this old unintended behavior, it was theoretically possible for one user script to DoS another (poorly written) script, including by altering its persistent *etValue store. I do not, however, see any GM_xhr related problems. Assuming you are an installed user script, you can run all the |
This issue has been quiet for a long time. Is anyone out there still looking for this? |
I am not sure myself. Most of the user.js ScriptWrights are doing their best to work together on compatibility fixes and shared libraries via @require. It would be nice to see something, perhaps a messaging pump built but as you stated it's pretty quiet. |
The undo of re-wrapping and shared window object only works in FF3. No longer works on FF7. So the behaviour of some scripts changes depending on the FF version. |
Some user-scripts refer to some object defined by the other user-script.
e.g.)
like following: LDRize use functions defined by Minibuffer.
Since SHA: 6a4ffd5 commited, these cannot work. Because
window
object had been not same object on Firefox 3.6 and an object defined by the other sandbox cannot be refer on Firefox 4.0b.Of course, We can use
unsafeWindow
, but it has security risk.and I considered about using
DataContainerEvent
of DOM Event, but it also has security risk.So I concluded that we need a certain object for sharing among only user-scripts.
here is a patch:
The text was updated successfully, but these errors were encountered: