Thank you. "less safe" I mean, those script without @grant and GM_xx, may use window.xx without any intention of modifying the variables in the page, because they know it runs in sandbox, if they want to modify the variables in the page, they will use unsafeWindow.xx rather than window.xx. But now, window suddenly becomes able to access unsafeWindow, may it cause problems and conflicts?
It'd be better if, when no @grant is specified, and no API method is detected, the script will run in sandbox. On Saturday, August 25, 2012 9:23:27 PM UTC+8, Anthony Lieuallen wrote: > > On Sat, Aug 25, 2012 at 5:50 AM, tomchen <[email protected] <javascript:> > > wrote: > >> Do I need to use "@grant unsafeWindow" if I want to use the unsafeWindow >> API? >> > > No. If you "@grant none" the window is the unsafe window. For backwards > compatibility, the variable named "unsafeWindow" is provided, as a direct > alias to the "window" object. If you @grant anything else, you run in the > legacy mode which has a different window and unsafeWindow. > > BTW, another question: if no @grant is specified, and no API method is >> used, the script will run without sandbox, making it able to access >> variables in the page, which means, a lot of userscript will no longer run >> in the security sandbox, does it become less safe to do so? >> > > Safe in what way? > -- You received this message because you are subscribed to the Google Groups "greasemonkey-users" group. To view this discussion on the web visit https://groups.google.com/d/msg/greasemonkey-users/-/GEeopm3Lc8oJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/greasemonkey-users?hl=en.
