Is it possible for a malicious web page to subvert js context so that
arbitrary code will be executed when the following userscript is run on the
page?
var js_enabled = false;
>
> var script = $el('script', {
> 'type': 'application/javascript',
> 'text': 'var js_enabled = 1;'
> });
> document.body.appendChild(script);
> document.body.removeChild(script);
> if (typeof unsafeWindow.js_enabled === 'number') {
> js_enabled = true;
> }
>
> if (js_enabled) {
> // js works
> } else {
> // js forbidden
> }
>
Wiki states that
> USE OF UNSAFEWINDOW IS INSECURE, AND IT SHOULD BE AVOIDED WHENEVER
> POSSIBLE. ... User scripts should therefore avoid calling *or in any
> other way depending on any properties on unsafeWindow*
>
but I do not see how the above code can be compromised. It cannot, can it?
--
You received this message because you are subscribed to the Google Groups
"greasemonkey-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/greasemonkey-users.
For more options, visit https://groups.google.com/groups/opt_out.
