Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(Default) mode to execute scripts in the content scope #1427

Closed
arantius opened this issue Sep 23, 2011 · 7 comments

Comments

Projects
None yet
1 participant
@arantius
Copy link
Collaborator

commented Sep 23, 2011

This issue is to track and discuss issues that arise if we run scripts in the content scope. To begin with:

  • Do we wrap scripts in an anonymous function, to provide a namespace isolated from the page?
  • How do we handle @requires?
  • How do we actually perform injection / execution?
@arantius

This comment has been minimized.

Copy link
Collaborator Author

commented Sep 23, 2011

My gut tells me that method of execution should be via some sort of custom protocol handler ( https://developer.mozilla.org/En/NsIProtocolHandler ), guaranteeing that the appropriate URL will be outside the same-origin to any page (thus the script content is unreadable to the page). Then injection is just adding a <script> node with the proper custom-protocol URL. Our protocol handler then knows how to glue the script and any requires together into an appropriate response for javascript execution.

Perhaps @resources can also then be referred to by a URL served by this protocol.

@arantius

This comment has been minimized.

Copy link
Collaborator Author

commented May 22, 2012

I've also started thinking more recently that perhaps in the case of @grant none we still run just the same (evalInSandbox) but we just use the un-wrapped content window for the prototype, and just don't inject anything. Need to investigate how well this approach works.

arantius added a commit to arantius/greasemonkey that referenced this issue May 22, 2012

@arantius

This comment has been minimized.

Copy link
Collaborator Author

commented May 22, 2012

As implemented in arantius/greasemonkey@41d0da5 things seem to work as intended so far, but we definitely still get the file/line number confusion that we always have from the evalInSandbox(). A possible reason to re-implement as described in my first comment

@arantius

This comment has been minimized.

Copy link
Collaborator Author

commented Jun 8, 2012

I've tried the protocol handler route. It only half works. It's implemented; opening the appropriate URL via the URL bar shows the expected contents. But putting a <script> node in the page with src= that URL does not work. I don't know why yet.

arantius/greasemonkey@1.0...pure-content

@arantius

This comment has been minimized.

Copy link
Collaborator Author

commented Jun 8, 2012

Correction: all but the last script does run. The last one doesn't, and above I was only running one. Even more confusing.

@arantius

This comment has been minimized.

Copy link
Collaborator Author

commented Jun 8, 2012

Fixed the last-doesn't-run issue, the protocol handler's channel wasn't quite implemented right. But we need a DOM to inject the script node into -- and that doesn't exist yet at document-start.

The best solution I know of right now is to keep the protocol handler (still useful for referencing resources, maybe), but use it as the URL parameter to evalInSandbox(). That should make logged errors link to that generated file, rather than the eval call site, and make them slightly easier to grok.

@arantius

This comment has been minimized.

Copy link
Collaborator Author

commented Jun 15, 2012

Custom protocol handler stuff is implemented in https://github.com/arantius/greasemonkey/tree/pure-content -- but it's working poorly enough that I'm going to defer doing that at all and call this fixed. Fixed by 41d0da5 .

@arantius arantius closed this Jun 15, 2012

arantius added a commit to arantius/greasemonkey that referenced this issue Jun 25, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.