API is unsafely added to the sandbox
Reported by Olivier Cornu | March 15th, 2009 @ 12:49 PM
We protect scripts by wrapping them inside a function
(currently, unless @unwrap is used).
We should protect the API similarly, otherwise it is accessible
from the hostile environment after unsafeWindow
usage.
See: GM#225
Comments and changes to this ticket
-
Olivier Cornu March 24th, 2009 @ 11:36 AM
- State changed from “new” to “resolved”
(from [f6d11e1b4c9f6415bd8fdea053d3e0122b0bfab7]) Protect GM API from malicious content-window hijacking [#8 state:resolved] http://github.com/ocornu/webmonk...
-
Olivier Cornu September 2nd, 2009 @ 11:40 AM
- State changed from “resolved” to “invalid”
- Milestone cleared.
With the new injection logic it is not possible to wrap scripts in a function from WM any longer. Impossible to protect the API similarly either.
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Webmonkey is a fork of the popular Greasemonkey extension for Firefox.
People watching this ticket
Olivier Cornu
Tags
Referenced by
-
8
API is unsafely added to the sandbox
(from [f6d11e1b4c9f6415bd8fdea053d3e0122b0bfab7]) Protect...