New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pale Moon Support #2092
Pale Moon Support #2092
Conversation
Possible security risk, but older versions (1.15) don't check either. Should not affect Firefox >= 29.
var callbackPrincipal = Components.utils.getObjectPrincipal(eventCallback); | ||
if (!this.sandboxPrincipal.equals(callbackPrincipal)) return; | ||
// Firefox < 29 hack; see above. | ||
if ('function' == typeof Components.utils.getObjectPrincipal) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So this just skips implementing a critical security feature? I'm not super fond of that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ya, this does skip it, but only if the browser doesn't support it. So for FF >= 29, it should still use the check, but for earlier versions (e.g. Pale Moon, which currently use 1.15 lacking this check anyway) it won't. I see this as a gain, as PM can benefit from the other fixes and changes since, but I can see why you wouldn't want any bypasses for this. I just don't see any other way to check without that function. (I'm not well versed on FF internals though.)
I figured that since it does work, and shouldn't affect mainline Firefox, I would at least mention it. In the worst case, I could just maintain a PM-only branch with this disabled until I can get them to implement it, though. That's probably best in the long run.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point; if the protection is not already in place due to usage of ancient Greasemonkey version, the impact is quite reduced.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to update, I have requested for Pale Moon to add support for this function. I don't know any time-frame, but when it's done 9361136 should be unneeded.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm sorry, i'm new to git and would like to use the latest version of greasemonkey with the few fixes you mention here...how can i get an xpi with them?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is in 3.2beta2
https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/versions/?page=1#version-3.2beta2
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok so i got 3.2b2 installed. Everything seems to work fine in Palemoon so far; however, this script no longer works on soundcloud:
https://greasyfork.org/en/scripts/5421-soundtake-soundcloud-downloader
It worked fine in v1.15 so i'm not sure what happened.
Don't log (to console) errors that are already visible in the dialog. Some formatting. Refs greasemonkey#2092
Add #2038.
I've been personally running this on PM 25.2.1x64 for a couple weeks now without problem, though I haven't tested extensively beyond my normal usage.