This is because the script does not use unsafeWindow.myVar = "modified"; if it had then even in the old version the variable would appear "modified"
The unsafe is basically so script authors know that the site the script is running on could mess with the script or do strange things, so you are trusting the site the script is running on to not do anything malicious using the GM_functions. The site could easily pick on the user and the user might wrongly blame the script author. This is what makes it unsafe. Most sites do not bother with such things, although there are probably a few glaring examples of abuse. Since grant none does not expose GM api, unsafe window is no longer unsafe. You still must trust the script/script author regardless. Basically you only have to watch out for gm_xmlhttprequest, and it's usage is often non-invasive and beneficial. If they use gm_xmlhttprequest and they use unsafeWindow without specifying grant none you are fully trusting the site the script is running on to not abuse the API. It seems like it will not cause compatibility problems from what Anthony just said, scripts that do not specify any grant rule auto grant privileges based on usage of API, which means unsafeWindow is still unsafe unless you specify grant_none or your script doesn't use GM_functions. With a little bit of understanding one can easily add grant none and see if the site is overtly abusing the privilege, however some functionality may be broken in the process of testing this. On Sat, Aug 25, 2012 at 10:12 PM, tomchen <[email protected]> wrote: > It shows "modified" in Greasemonkey v1.0, but shows "original" before v1.0. -- You received this message because you are subscribed to the Google Groups "greasemonkey-users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/greasemonkey-users?hl=en.
