New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
eval() does not work as expected #1258
Comments
Install this script: https://gist.github.com/raw/792568/b5e41b5e66c1ba3e524c08c27d57bb07782f8249/eval%20test.user.js (Source: https://gist.github.com/792568) I get alerts. In: |
Ha, foolish of me, I missed double quotes around the alert. Edited (reflected at the link above) them in and confirmed:
|
Confirmed that this error doesn't occur in greasemonkey/0.8 branch. |
Single Mozilla/5.0 (X11; Linux x86_64; rv:2.0b10pre) Gecko/20110123 Firefox/4.0b10pre "Dirty" profile (running profile but minimal add-ons and changes) Greasemonkey 0.9.0 release Single Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 "Dirty" Profile (e.g. running profile) Greasemonkey 0.9.0 release Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 "Clean" Profile (e.g. complete removal of .mozilla folder) Greasemonkey 0.9.0 release Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 "Basic" Profile (e.g. basic security add-ons) Greasemonkey 0.9.0 release Error Console via right click, Copy context: Error: Security Manager vetoed action Source File: file:///~/.mozilla/firefox/{seed}.{profile}/gm_scripts/sandbox/sandbox.user.js Line: 0 Line zero? It would appear that I'm guessing in the history it happened around this commit forward. Tested cacea0c ... it works and then the following commit at 807bea6 ... doesn't work. |
Workaround for a bug that causes the Security Manager to veto the use of eval. Closed by 6a4ffd5 |
The change performed, crash other scripts. In version 0.90 and before, the window variable was shared between scripts. The following example works: window.a=1;
And with this change, the second script crashes. A workaround trying to solve the bug and maintaining the backward compatibility is:
|
No, the second script crashes because your The change you suggest does absolutely nothing anyway. You're just storing the re-wrapped window in a variable( |
I know the reason of the crash of the second script. I understand that the behaviour of share variables between scripts could be undesirable. But the previous example works before 0.91 and not with 0.91. If the rewrapped window is reused (before 0.9), the properties asigned to the window variable by one script are available to the rest of the scripts. Also, from the scalability point of view, is better to reuse the rewrapped window than create one for each executed script... I see your point, I want to know if you see my point. |
Wasn't aware of this, but this isn't the place to discuss this. Please create a topic in the gm dev group about this since only people who commented on this issue will ever be notified of your comments. We should get more opinions.
Totally undesirable behavior imo. I'd rather that my scripts have a virgin namespace. Not to mention it requires scripts to be executed in a specific order to function properly. That'd cause all sorts of problems for users. |
I wasn't aware of this either. I would definitely like to read some other opinions and perhaps Aaron's take on this as well. Having this large of a "bullet hole" in the Sandbox/XPCNativeWrapper doesn't exactly appeal to me either. |
Just for fun checkout this exploit by installing these two scripts: Script1 Script2 |
Hmmm I guess I did know vaguely about this according to the dev wiki page but I didn't realize about this "feature" of that methodology. Sharing See also: |
I used "window" variable to share information between scripts in a undocumented way but I think that is useful. For example, to load a common library for a bunch of scripts (I used in this way). I know that the order of execution matters but it could be resolved manually or with "@priority" attribute in the metadata block. To sizzlemctwizzle: regarding to the example that you put before, in the second script, you don't need to put window.func(GM_getValue, GM_setValue) but func(GM_getValue, GM_setValue). If the "func" variable is not locally defined, the interpreter searches in "window" scope. The scripts can communicate if the want (for example, accessing window object), but no if they don't want (defining and using its local declaration). To Martii: I agree with you. A mechanism to control the sharing must to be there, but this mechanism can't be implemented in the way that you say. The "@namespace" attribute must to be unique. It could be possible to be implemented with uri fragment identifier. For example if script1 has a @namespace http://www.test.com/#1 and script2 has a @namespace http://www.test.com/#2. Thank you sizzlemctwizzle and Martii for your comments. I like GM :) |
This issue is closed, and is about a failure in Comments about the separate idea of "shared window between user scripts", should please please go in the issue where this was reported: #1278 |
I've done my best to test everything mentioned, and eval() and expandos work as expected in Firefox 3-7. Fixes greasemonkey#1278
Originally: http://groups.google.com/group/greasemonkey-users/browse_thread/thread/3512884cac5c5eb2?hl=en#
On 2011-01-22 5:42 PM, Beho Double wrote:
The text was updated successfully, but these errors were encountered: