Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pale Moon Support #2092

Merged
merged 2 commits into from May 6, 2015
Merged

Pale Moon Support #2092

merged 2 commits into from May 6, 2015

Conversation

Crazycatz00
Copy link
Contributor

Add #2038.
I've been personally running this on PM 25.2.1x64 for a couple weeks now without problem, though I haven't tested extensively beyond my normal usage.

Crazycatz00 added 2 commits February 12, 2015 16:10
Possible security risk, but older versions (1.15) don't check either. Should not affect Firefox >= 29.
var callbackPrincipal = Components.utils.getObjectPrincipal(eventCallback);
if (!this.sandboxPrincipal.equals(callbackPrincipal)) return;
// Firefox < 29 hack; see above.
if ('function' == typeof Components.utils.getObjectPrincipal) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this just skips implementing a critical security feature? I'm not super fond of that.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ya, this does skip it, but only if the browser doesn't support it. So for FF >= 29, it should still use the check, but for earlier versions (e.g. Pale Moon, which currently use 1.15 lacking this check anyway) it won't. I see this as a gain, as PM can benefit from the other fixes and changes since, but I can see why you wouldn't want any bypasses for this. I just don't see any other way to check without that function. (I'm not well versed on FF internals though.)

I figured that since it does work, and shouldn't affect mainline Firefox, I would at least mention it. In the worst case, I could just maintain a PM-only branch with this disabled until I can get them to implement it, though. That's probably best in the long run.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point; if the protection is not already in place due to usage of ancient Greasemonkey version, the impact is quite reduced.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to update, I have requested for Pale Moon to add support for this function. I don't know any time-frame, but when it's done 9361136 should be unneeded.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm sorry, i'm new to git and would like to use the latest version of greasemonkey with the few fixes you mention here...how can i get an xpi with them?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok so i got 3.2b2 installed. Everything seems to work fine in Palemoon so far; however, this script no longer works on soundcloud:
https://greasyfork.org/en/scripts/5421-soundtake-soundcloud-downloader

It worked fine in v1.15 so i'm not sure what happened.

@arantius arantius added this to the 3.2 milestone Feb 25, 2015
@arantius arantius merged commit 9361136 into greasemonkey:master May 6, 2015
arantius added a commit to arantius/greasemonkey that referenced this pull request Mar 13, 2018
Don't log (to console) errors that are already visible in the dialog.  Some formatting.

Refs greasemonkey#2092
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants