The "unsafe" in "unsafeWindow" is that it exposes the privileged GM_* functions to the content page, and that page could in theory do something unsavory with them.

If you "@grant none" then there are no privileged GM_* functions (that's the whole point!), so that vector of unsafe-ness does not exist, so you don't need to worry about it. There's nothing to put in a sandbox.

You also use the ambiguous phrase "without @grant and GM_xx". I take that to mean: a legacy script that does not specify any @grant line, yet _does_ call GM_* functions. In such a case, Greasemonkey detects and acts as if there was a @grant line (with all the same legacy sandboxing).

If your script gets privileged access, it lives in the sandbox that makes that safe. If it doesn't, then it doesn't.

On Sat, Aug 25, 2012 at 6:46 PM, tomchen <[email protected]> wrote:
> Thank you.
>
> "less safe" I mean, those scripts without @grant and GM_xx, may use
> window.xx without any intention of modifying the variables in the page,
> because they know it runs in sandbox, if they want to modify the variables
> in the page, they will use unsafeWindow.xx rather than window.xx. But now,
> window suddenly becomes able to access unsafeWindow, may it cause problems
> and conflicts?
>
> It'd be better if, when no @grant is specified, and no API method is
> detected, the script will run in sandbox.
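
The sandbox decision discussed in this thread, modeled as an added example (not Greasemonkey's own code, and not written by either poster): it reads a script's metadata block and reports whether the script would get the legacy sandbox. The function names, the `GM_*` detection regex and the sample scripts are assumptions constructed for illustration.

```javascript
// Added illustration; not Greasemonkey's actual detection logic.
const META = /\/\/\s*==UserScript==([\s\S]*?)\/\/\s*==\/UserScript==/;

// Collect every "// @grant <value>" line from the metadata block.
function parseGrants(source) {
  const block = source.match(META);
  if (!block) return [];
  const grants = [];
  const re = /^\s*\/\/\s*@grant\s+(\S+)\s*$/gm;
  let m;
  while ((m = re.exec(block[1])) !== null) grants.push(m[1]);
  return grants;
}

// Assumed heuristic: any GM_<name> identifier outside the metadata
// block counts as a call to a privileged API.
function detectGmCalls(source) {
  const body = source.replace(META, '');
  return [...new Set(body.match(/\bGM_\w+/g) || [])];
}

// Apply the rule from the thread: privileged access implies sandbox,
// no privileged access implies the script runs against the page's window.
function classify(source) {
  const declared = parseGrants(source);
  if (declared.length > 0) {
    // Assumption: "none" mixed with other grants is treated as the other grants.
    const apis = declared.filter((g) => g !== 'none');
    return { sandboxed: apis.length > 0, apis, reason: 'explicit @grant' };
  }
  const detected = detectGmCalls(source);
  if (detected.length > 0) {
    return { sandboxed: true, apis: detected, reason: 'legacy: GM_* calls detected' };
  }
  return { sandboxed: false, apis: [], reason: 'no @grant, no GM_* calls' };
}

// Constructed sample scripts, one per case discussed above.
const header = (extra) => `// ==UserScript==\n// @name demo\n${extra}// ==/UserScript==\n`;
const SAMPLES = {
  grantNone: header('// @grant none\n') + 'window.foo = 1;',
  explicit: header('// @grant GM_getValue\n') + 'GM_getValue("k");',
  legacyGm: header('') + 'GM_setValue("k", 1); GM_setValue("j", 2);',
  plain: header('') + 'window.foo = 1;',
};

for (const [name, src] of Object.entries(SAMPLES)) console.log(name, classify(src));
```

The `plain` case is the one the quoted question is about: with no sandbox, `window.foo` in the script is the page's own `window.foo`, so such scripts should keep their variables in a local scope.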
