Skip to content

/ greasemonkey

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pale Moon Support #2092

Merged
merged 2 commits into from May 6, 2015
+28 −6
Merged

Pale Moon Support #2092

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
22f7264
Basic Pale Moon support.
Feb 12, 2015
9361136
Disable getObjectPrincipal if the browser does not support it.
Feb 12, 2015
File filter...
Filter file types
Jump to…
Jump to file
Failed to load files.

Always

Just for now

9 content/scratchpad-overlay.js
View file
Open in desktop
@@ -24,7 +24,14 @@ window.addEventListener('load', function() {

if (!Scratchpad.initialized) return;

Scratchpad.editor.setCursor({line: 0, ch: 0});
if ('function' == typeof Scratchpad.editor.setCursor) {
// Firefox >= 28
Scratchpad.editor.setCursor({line: 0, ch: 0});
} else {
// Firefox <= 27
Scratchpad.editor.setCaretPosition(0, 0);
}

clearInterval(initializeCheckTimer);
}
initializeCheckTimer = setInterval(moveCursorToTop, 20);
9 install.rdf
View file
Open in desktop
@@ -50,6 +50,15 @@
</Description>
</em:targetApplication>

<!-- Pale Moon -->
<em:targetApplication>
<Description>
<em:id>{8de7fcbb-c55c-4fbe-bfc5-fc555c87dbc4}</em:id>
<em:minVersion>25.0</em:minVersion>
<em:maxVersion>25.*</em:maxVersion>
</Description>
</em:targetApplication>

</Description>

</RDF>
16 modules/xmlhttprequester.js
View file
Open in desktop
@@ -5,7 +5,10 @@ Components.utils.import("resource://greasemonkey/util.js");
function GM_xmlhttpRequester(wrappedContentWin, originUrl, sandbox) {
this.wrappedContentWin = wrappedContentWin;
this.originUrl = originUrl;
this.sandboxPrincipal = Components.utils.getObjectPrincipal(sandbox);
// Firefox < 29 does not support getObjectPrincipal in a scriptable context.
// Older Greasemonkey didn't use this, so if the browser doesn't support it,
// this shouldn't be less secure (for that browser).
this.sandboxPrincipal = 'function' == typeof Components.utils.getObjectPrincipal ? Components.utils.getObjectPrincipal(sandbox) : null;
}

// this function gets called by user scripts in content security scope to
@@ -169,10 +172,13 @@ function(wrappedContentWin, req, event, details) {
var eventCallback = details["on" + event];
if (!eventCallback) return;

// ... but ensure that the callback came from a script, not content, by
// checking that its principal equals that of the sandbox.
var callbackPrincipal = Components.utils.getObjectPrincipal(eventCallback);
if (!this.sandboxPrincipal.equals(callbackPrincipal)) return;
// Firefox < 29 hack; see above.
if ('function' == typeof Components.utils.getObjectPrincipal) {

This comment has been minimized.

Sign in to view
@arantius

arantius Feb 25, 2015
Collaborator

So this just skips implementing a critical security feature? I'm not super fond of that.

This comment has been minimized.

Sign in to view
@Crazycatz00

Crazycatz00 Feb 25, 2015
Author Contributor

Ya, this does skip it, but only if the browser doesn't support it. So for FF >= 29, it should still use the check, but for earlier versions (e.g. Pale Moon, which currently use 1.15 lacking this check anyway) it won't. I see this as a gain, as PM can benefit from the other fixes and changes since, but I can see why you wouldn't want any bypasses for this. I just don't see any other way to check without that function. (I'm not well versed on FF internals though.)

I figured that since it does work, and shouldn't affect mainline Firefox, I would at least mention it. In the worst case, I could just maintain a PM-only branch with this disabled until I can get them to implement it, though. That's probably best in the long run.

This comment has been minimized.

Sign in to view
@arantius

arantius Feb 25, 2015
Collaborator

Good point; if the protection is not already in place due to usage of ancient Greasemonkey version, the impact is quite reduced.

This comment has been minimized.

Sign in to view
@Crazycatz00

Crazycatz00 Mar 11, 2015
Author Contributor

Just to update, I have requested for Pale Moon to add support for this function. I don't know any time-frame, but when it's done 9361136 should be unneeded.

This comment has been minimized.

Sign in to view
@Skrell

Skrell May 20, 2015

I'm sorry, i'm new to git and would like to use the latest version of greasemonkey with the few fixes you mention here...how can i get an xpi with them?

This comment has been minimized.

Sign in to view
@arantius

arantius May 20, 2015
Collaborator

I think this is in 3.2beta2

https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/versions/?page=1#version-3.2beta2

This comment has been minimized.

Sign in to view
@Skrell

Skrell May 21, 2015

Ok so i got 3.2b2 installed. Everything seems to work fine in Palemoon so far; however, this script no longer works on soundcloud:
https://greasyfork.org/en/scripts/5421-soundtake-soundcloud-downloader

It worked fine in v1.15 so i'm not sure what happened.
// ... but ensure that the callback came from a script, not content, by
// checking that its principal equals that of the sandbox.
var callbackPrincipal = Components.utils.getObjectPrincipal(eventCallback);
if (!this.sandboxPrincipal.equals(callbackPrincipal)) return;
}

req.addEventListener(event, function(evt) {
var responseState = {
ProTip! Use n and p to navigate between commits in a pull request.