On Sat, Aug 25, 2012 at 10:43 PM, Sam Larison <[email protected]> wrote:
> To clear up one error in my previous message, I am pretty certain, in the > old version, any usage of unsafeWindow meant that all of the GM_functions > were exposed. Now I think only the explicitly granted (or in > the absence of grant, the presently used) functions are exposed. I am not > certain how this search for used functions is performed, if the search > includes comments, etc. There are not any currently known "leaks" of the API functions. It's possible for a poorly or maliciously written script to directly expose them (i.e. "unsafewindow.anything = GM_xmlhttpRequest -- even still, they should be impossible for the content page to call. should be). But the fewer "not known" and "should"s involved, the better. There's no way for a @grant none script to do anything the page couldn't do on its own. On Sat, Aug 25, 2012 at 10:12 PM, tomchen <[email protected]> wrote: > Example: > ... window.addEventListener("load", function () { > window.myVar = "modified"; > }, false); > This is an anti-pattern. It's not a good thing to do. If scripts do this and break, they should be fixed. You have to explicitly do the "window." part of that assignment for there to be a chance for anything to break -- and before Greasemonkey 1.0 there was never a good reason to do that. (Though I've been surprised before with the creative things people have done, so I might be over-stating this.) But the short version is: Yes. Greasemonkey 1.0 changes things. That's why the major version bump (0.x to 1.x). I believe the vast majority of real scripts will be unaffected, or trivial to fix. This isn't an accident. It's a probably only slightly bumpy path to what I believe to be a better state, in the future. -- You received this message because you are subscribed to the Google Groups "greasemonkey-users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/greasemonkey-users?hl=en.
