Pale Moon Support #2092

Merged
merged 2 commits into from May 6, 2015
9 changes: 8 additions & 1 deletion content/scratchpad-overlay.js
Expand Up @@ -24,7 +24,14 @@ window.addEventListener('load', function() {

if (!Scratchpad.initialized) return;

Scratchpad.editor.setCursor({line: 0, ch: 0});
if ('function' == typeof Scratchpad.editor.setCursor) {
// Firefox >= 28
Scratchpad.editor.setCursor({line: 0, ch: 0});
} else {
// Firefox <= 27
Scratchpad.editor.setCaretPosition(0, 0);
}

clearInterval(initializeCheckTimer);
}
initializeCheckTimer = setInterval(moveCursorToTop, 20);
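Review bot: the else branch calls Scratchpad.editor.setCaretPosition(0, 0) without the typeof check that guards setCursor. On an editor that exposes neither method the call throws before clearInterval(initializeCheckTimer) runs, so moveCursorToTop keeps firing every 20 ms. Add a typeof check for setCaretPosition as well, or move the clearInterval call above the cursor positioning so the timer stops either way.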
9 changes: 9 additions & 0 deletions install.rdf
Expand Up @@ -50,6 +50,15 @@
</Description>
</em:targetApplication>

<!-- Pale Moon -->
<em:targetApplication>
<Description>
<em:id>{8de7fcbb-c55c-4fbe-bfc5-fc555c87dbc4}</em:id>
<em:minVersion>25.0</em:minVersion>
<em:maxVersion>25.*</em:maxVersion>
</Description>
</em:targetApplication>

</Description>

</RDF>
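Review bot: the new targetApplication block is documented only as "<!-- Pale Moon -->", and nothing here records that on this target the callback principal check in modules/xmlhttprequester.js is skipped when Components.utils.getObjectPrincipal is unavailable. Extend the comment to say so, so that whoever raises em:maxVersion past 25.* knows to re-check whether the browser has gained that function. Keeping the range at 25.0 to 25.* is reasonable for the same reason.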
16 changes: 11 additions & 5 deletions modules/xmlhttprequester.js
Expand Up @@ -5,7 +5,10 @@ Components.utils.import("resource://greasemonkey/util.js");
function GM_xmlhttpRequester(wrappedContentWin, originUrl, sandbox) {
this.wrappedContentWin = wrappedContentWin;
this.originUrl = originUrl;
this.sandboxPrincipal = Components.utils.getObjectPrincipal(sandbox);
// Firefox < 29 does not support getObjectPrincipal in a scriptable context.
// Older Greasemonkey didn't use this, so if the browser doesn't support it,
// this shouldn't be less secure (for that browser).
this.sandboxPrincipal = 'function' == typeof Components.utils.getObjectPrincipal ? Components.utils.getObjectPrincipal(sandbox) : null;
}

// this function gets called by user scripts in content security scope to
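Review bot: the fallback on the this.sandboxPrincipal line is silent: when Components.utils.getObjectPrincipal is missing, the field becomes null and nothing records that origin checking is off for this requester. Every later use such as this.sandboxPrincipal.equals(...) must then be guarded or it throws. Consider logging once when the fallback is taken, and split the ternary into an if/else so the assignment is readable. The comment's "shouldn't be less secure" reasoning compares against older Greasemonkey; it should also say plainly that callbacks are not origin-checked on such browsers.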
Expand Down Expand Up @@ -169,10 +172,13 @@ function(wrappedContentWin, req, event, details) {
var eventCallback = details["on" + event];
if (!eventCallback) return;

// ... but ensure that the callback came from a script, not content, by
// checking that its principal equals that of the sandbox.
var callbackPrincipal = Components.utils.getObjectPrincipal(eventCallback);
if (!this.sandboxPrincipal.equals(callbackPrincipal)) return;
// Firefox < 29 hack; see above.
if ('function' == typeof Components.utils.getObjectPrincipal) {
Collaborator

So this just skips implementing a critical security feature? I'm not super fond of that.

Contributor Author

Ya, this does skip it, but only if the browser doesn't support it. So for FF >= 29, it should still use the check, but for earlier versions (e.g. Pale Moon, which currently uses 1.15 lacking this check anyway) it won't. I see this as a gain, as PM can benefit from the other fixes and changes since, but I can see why you wouldn't want any bypasses for this. I just don't see any other way to check without that function. (I'm not well versed on FF internals though.)

I figured that since it does work, and shouldn't affect mainline Firefox, I would at least mention it. In the worst case, I could just maintain a PM-only branch with this disabled until I can get them to implement it, though. That's probably best in the long run.

Collaborator

Good point; if the protection is not already in place due to usage of ancient Greasemonkey version, the impact is quite reduced.

Contributor Author

Just to update, I have requested for Pale Moon to add support for this function. I don't know any time-frame, but when it's done 9361136 should be unneeded.

Copy link

I'm sorry, I'm new to git and would like to use the latest version of Greasemonkey with the few fixes you mention here... how can I get an xpi with them?

Collaborator

Copy link

OK, so I got 3.2b2 installed. Everything seems to work fine in Pale Moon so far; however, this script no longer works on SoundCloud:
https://greasyfork.org/en/scripts/5421-soundtake-soundcloud-downloader

It worked fine in v1.15, so I'm not sure what happened.

// ... but ensure that the callback came from a script, not content, by
// checking that its principal equals that of the sandbox.
var callbackPrincipal = Components.utils.getObjectPrincipal(eventCallback);
if (!this.sandboxPrincipal.equals(callbackPrincipal)) return;
}

req.addEventListener(event, function(evt) {
var responseState = {
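Review bot: the guard "if ('function' == typeof Components.utils.getObjectPrincipal)" makes the principal comparison fail open: where the function is absent, execution falls through to req.addEventListener and the callback is registered without confirming that it came from the script sandbox rather than from content. The comment "// Firefox < 29 hack; see above." does not state that consequence. Either test this.sandboxPrincipal (the value that is actually dereferenced) and return when it is null, or, if the bypass is accepted for these browsers, document it at this point and restrict it to the targets that need it.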