Use __exposedProps__ #1595

arantius opened this Issue Aug 1, 2012 · 6 comments


None yet

2 participants

arantius commented Aug 1, 2012

Firefox 15 gives an error like:

Error: Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated. See for more information.
Source File: resource://greasemonkey/runScript.js
Line: 28

When running scripts.


It no longer does. Closing this WAI.

@arantius arantius closed this Aug 17, 2012
@arantius arantius reopened this Aug 20, 2012

See #1607; this does appear to still matter, at least for GM_xhr.

@arantius arantius added a commit to arantius/greasemonkey that referenced this issue Aug 30, 2012
@arantius arantius Specify __exposedProps__ for xmlhttprequester.
Fixes #1607
Refs #1595

After the fix linked above for #1607, this seems to be done. My tests show that all of the other API methods act as expected; I believe because they always return nothing, or standard string/array objects, and:

If all you’re doing is passing values like numbers, booleans or strings, they should continue to work.

@arantius arantius closed this Aug 30, 2012

I am getting the same exposedProps error when attempting to iterate over the array returned by GM_listValues().

The following simple script shows the issue:

// ==UserScript==
// @name        Demonstrate __exposedProps__ warning
// @namespace   personal
// @include     SITE_URL
// @require
// @require
// @grant        GM_listValues
// @version     1
// ==/UserScript==

var gmValues = GM_listValues();

gmValues.forEach(function(val, index){

The console shows:

Exposing chrome JS objects to content without exposedProps is insecure and deprecated. See for more information.

draftKeys.forEach(function(val, index){

Additional Details: OSX 10.8.1, Firefox 15.0.1, GreaseMonkey 1.1



It would be helpful if you report this as its own separate issue.


@arantius good call, in #1637

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment