Skip to content

Unable to write into new window #1534

Synchro opened this Issue Apr 11, 2012 · 2 comments

3 participants

Synchro commented Apr 11, 2012

This appears to be the same problem as #1352, however I'm running Firefox 11.0 with GM 0.9.18. Here a minimal test case:

// ==UserScript==
// @name           Open Window
// @namespace      MarcusB
// ==/UserScript==

GM_registerMenuCommand('Open Window', openWindow);

function openWindow(e) {
    w ='', 'My Window', 'height=400,width=500');'text/plain');

Initially this gets intercepted by the FF popup blocker, but if it's then allowed and the page refreshed, the window opens, but its contents is blank, showing 'about:blank' in the address bar.

Because it's run from a GM_registerMenuCommand entry, it's happening long after the page has loaded, and it's not writing anything back to the page or doing big DOM ops.

If I run the same code from the firebug console (on the same host page, but not in a GM context), it works:

w ='', 'CSV', 'height=400,width=500');'text/plain');w.document.write('hello');w.document.close();

I've tried other MIME types, writing into the window on other ways, but it stays blank. The same code works fine in FF outside of GM, so I can only conclude it's a GM problem - or have I missed something?


I don't think we can directly fix this. should help you work around it though.

@arantius arantius closed this May 22, 2012
deant commented Sep 7, 2014

@Arantius, the location hack can't really fix this problem: It's too insecure.

A gearmonkey script needs the ability to create a dynamic page (for example for storing settings particular to that GM script) that can't be interfered with or read by (potentially hostile) page scripts.

(For example, consider a GM script that maintains a list of "blacklisted" users who's posts are automatically hidden on a blogging or messaging site; you'd need a secure page to manage that list).

I'm going to start a new issue about this.

@arantius arantius added this to the Pony milestone Sep 8, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.