Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Use __exposedProps__ #1595

Closed
arantius opened this Issue · 6 comments

2 participants

arantius William Schneider
arantius
Collaborator

Firefox 15 gives an error like:

Error: Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated. See https://developer.mozilla.org/en/XPConnect_wrappers for more information.
Source File: resource://greasemonkey/runScript.js
Line: 28

When running scripts.

arantius
Collaborator

It no longer does. Closing this WAI.

arantius arantius closed this
arantius arantius reopened this
arantius
Collaborator

See #1607; this does appear to still matter, at least for GM_xhr.

arantius arantius referenced this issue from a commit in arantius/greasemonkey
arantius arantius Specify __exposedProps__ for xmlhttprequester.
Fixes #1607
Refs #1595
001560b
arantius
Collaborator

After the fix linked above for #1607, this seems to be done. My tests show that all of the other API methods act as expected; I believe because they always return nothing, or standard string/array objects, and:

https://blog.mozilla.org/addons/2012/08/20/exposing-objects-to-content-safely/

If all you’re doing is passing values like numbers, booleans or strings, they should continue to work.

arantius arantius closed this
William Schneider

I am getting the same __exposedProps__ error when attempting to iterate over the array returned by GM_listValues().

The following simple script shows the issue:

// ==UserScript==
// @name        Demonstrate __exposedProps__ warning
// @namespace   personal
// @include     SITE_URL
// @require     https://ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js
// @require      https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.23/jquery-ui.min.js
// @grant        GM_listValues
// @version     1
// ==/UserScript==

var gmValues = GM_listValues();

gmValues.forEach(function(val, index){
  console.log(val);
});

The console shows:

Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated. See https://developer.mozilla.org/en/XPConnect_wrappers for more information.

draftKeys.forEach(function(val, index){

Additional Details: OSX 10.8.1, Firefox 15.0.1, GreaseMonkey 1.1

Thanks

arantius
Collaborator

It would be helpful if you report this as its own separate issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.