Pale Moon Support #2092
Pale Moon Support #2092
Conversation
Possible security risk, but older versions (1.15) don't check either. Should not affect Firefox >= 29.
| var callbackPrincipal = Components.utils.getObjectPrincipal(eventCallback); | ||
| if (!this.sandboxPrincipal.equals(callbackPrincipal)) return; | ||
| // Firefox < 29 hack; see above. | ||
| if ('function' == typeof Components.utils.getObjectPrincipal) { |
arantius
Feb 25, 2015
Collaborator
So this just skips implementing a critical security feature? I'm not super fond of that.
So this just skips implementing a critical security feature? I'm not super fond of that.
Crazycatz00
Feb 25, 2015
Author
Contributor
Ya, this does skip it, but only if the browser doesn't support it. So for FF >= 29, it should still use the check, but for earlier versions (e.g. Pale Moon, which currently use 1.15 lacking this check anyway) it won't. I see this as a gain, as PM can benefit from the other fixes and changes since, but I can see why you wouldn't want any bypasses for this. I just don't see any other way to check without that function. (I'm not well versed on FF internals though.)
I figured that since it does work, and shouldn't affect mainline Firefox, I would at least mention it. In the worst case, I could just maintain a PM-only branch with this disabled until I can get them to implement it, though. That's probably best in the long run.
Ya, this does skip it, but only if the browser doesn't support it. So for FF >= 29, it should still use the check, but for earlier versions (e.g. Pale Moon, which currently use 1.15 lacking this check anyway) it won't. I see this as a gain, as PM can benefit from the other fixes and changes since, but I can see why you wouldn't want any bypasses for this. I just don't see any other way to check without that function. (I'm not well versed on FF internals though.)
I figured that since it does work, and shouldn't affect mainline Firefox, I would at least mention it. In the worst case, I could just maintain a PM-only branch with this disabled until I can get them to implement it, though. That's probably best in the long run.
arantius
Feb 25, 2015
Collaborator
Good point; if the protection is not already in place due to usage of ancient Greasemonkey version, the impact is quite reduced.
Good point; if the protection is not already in place due to usage of ancient Greasemonkey version, the impact is quite reduced.
Crazycatz00
Mar 11, 2015
Author
Contributor
Just to update, I have requested for Pale Moon to add support for this function. I don't know any time-frame, but when it's done 9361136 should be unneeded.
Just to update, I have requested for Pale Moon to add support for this function. I don't know any time-frame, but when it's done 9361136 should be unneeded.
Skrell
May 20, 2015
I'm sorry, i'm new to git and would like to use the latest version of greasemonkey with the few fixes you mention here...how can i get an xpi with them?
I'm sorry, i'm new to git and would like to use the latest version of greasemonkey with the few fixes you mention here...how can i get an xpi with them?
arantius
May 20, 2015
Collaborator
I think this is in 3.2beta2
https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/versions/?page=1#version-3.2beta2
I think this is in 3.2beta2
https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/versions/?page=1#version-3.2beta2
Skrell
May 21, 2015
Ok so i got 3.2b2 installed. Everything seems to work fine in Palemoon so far; however, this script no longer works on soundcloud:
https://greasyfork.org/en/scripts/5421-soundtake-soundcloud-downloader
It worked fine in v1.15 so i'm not sure what happened.
Ok so i got 3.2b2 installed. Everything seems to work fine in Palemoon so far; however, this script no longer works on soundcloud:
https://greasyfork.org/en/scripts/5421-soundtake-soundcloud-downloader
It worked fine in v1.15 so i'm not sure what happened.
Don't log (to console) errors that are already visible in the dialog. Some formatting. Refs greasemonkey#2092
Add #2038.
I've been personally running this on PM 25.2.1x64 for a couple weeks now without problem, though I haven't tested extensively beyond my normal usage.