FAQ: What are the security benefits over Greasemonkey?

erikvold edited this page Aug 7, 2011 · 15 revisions

Stealth

Unlike Greasemonkey, Scriptish cannot be detected by website administrators. If one were to use one of the following methods:

if (Components.interfaces.gmIGreasemonkeyService) {
  alert("I smell a monkey!");
}
<script type="text/javascript" src="resource://greasemonkey/addons4.js"></script>
<script type="text/javascript">
if (typeof GM_addonsStartup !== "undefined") {
  alert("I smell a monkey!");
}
</script>

it would be possible to detect Greasemonkey and use this information to help identify you, or take "anti-Greasemonkey" steps, such as disabling the effects or functionality of your scripts.


Secure Updates

Scriptish provides a secure method of updating user scripts which relies on https.


Global Excludes and User-defined @include/@exclude Rules for User Scripts

Scriptish supports a global excludes list (see Scriptish's Options), which allows users to exclude URL patterns for all user scripts.

Scriptish also allows users to easily define their own @include/@exclude rules for user scripts, which allows one to easily exclude a specific script from certain URL patterns.

Custom rules may be specified in a user script's Options menu, which is accessible through the Add-ons Manager.


@domain

Scriptish introduced the new @domain metadata header, which not only restricts the pages the user script can run on, but also the domains accessible from GM_xmlhttpRequest. This provides users with a better understanding of which domains are actually used by a user script.

If necessary, users can edit the user script to either add or remove @domain entries.


GM_safeHTMLParser

Allows one to safely create a DOM tree from a HTML string. Refer to this wiki page for more information.


Blocklist

Scriptish provides users with a default blocklist, as well as the ability to specify their own blocklists.

The Scriptish blocklist is meant to help protect users against known threats to their security.