Protect GM API from malicious content-window hijacking [#8 state:reso…
…lved]
ocornu committed Mar 23, 2009
1 parent a880b14 commit f6d11e1
Showing 1 changed file with 8 additions and 0 deletions.
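--- a/src/components/webmonkey.js
+++ b/src/components/webmonkey.js
@@ -92,6 +92,14 @@ function prepareSrc(src, unwrap) {
 var pre = "for (var i in GM) eval('var GM_'+i+' = GM[i]');";
 if (unwrap)
 return pre+src;
+// move API inside script wrapper
+pre = "const GM = this.GM; delete this.GM; "+pre+"\
+var window = this.window; delete this.window;\
+var unsafeWindow = this.unsafeWindow; delete this.unsafeWindow;\
+var document = this.document; delete this.document;\
+var XPathResult = this.XPathResult; delete this.XPathResult;\
+var console = this.console; delete this.console;\
+";
 // wrap script into an anonymous function
 return "(function(){"+pre+src+"})()";
 }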
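Review bot: The `if (unwrap) return pre+src;` path returns before the added block runs, so scripts executed unwrapped still have `GM`, `window`, `unsafeWindow`, `document`, `XPathResult` and `console` as properties of the sandbox global, without the copy-and-delete this commit introduces. If that is intended, document it at the early return, e.g. `// NOTE: unwrapped scripts keep the API on the sandbox global; the wrapper-only protection below does not apply`. The hard-coded name list also has to stay in step with the sandbox setup, which is outside this hunk (as is the start of prepareSrc); a property added there but not listed here would remain on `this`. The result of each `delete` is not checked, so if one of these properties turned out not to be deletable it would stay exposed without any error.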
