http://groups.google.com/group/greasemonkey-dev/browse_thread/thread/933ecdb307c4386d
I believe this specific case is fixed. But JS is a complex/powerful language. This serves as a good example of the surprising sorts of things it can do.

On Mon, Jul 1, 2013 at 9:39 PM, Principia Discordia <[email protected]> wrote:
> Is it possible for a malicious web page to subvert js context so that
> arbitrary code will be executed when the following userscript is run on the
> page?
>
>> var js_enabled = false;
>>
>> var script = $el('script', {
>>     'type': 'application/javascript',
>>     'text': 'var js_enabled = 1;'
>> });
>> document.body.appendChild(script);
>> document.body.removeChild(script);
>> if (typeof unsafeWindow.js_enabled === 'number') {
>>     js_enabled = true;
>> }
>>
>> if (js_enabled) {
>>     // js works
>> } else {
>>     // js forbidden
>> }
>
> Wiki states that
>
>> USE OF UNSAFEWINDOW IS INSECURE, AND IT SHOULD BE AVOIDED WHENEVER
>> POSSIBLE. ... User scripts should therefore avoid calling *or in any
>> other way depending on any properties on unsafeWindow*
>
> but I do not see how the above code can be compromised. It cannot, can it?
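An added illustration, not part of the original thread and not a description of the linked issue: in JavaScript, reading a property (as `typeof unsafeWindow.js_enabled` does) can run a getter supplied by whoever defined that property, which is one reason the wiki warns against depending on page-controlled properties. The `page` object, `makePage`, `runInjectedScript` and both check functions are hypothetical names for this sketch; a plain object stands in for the page's global.

```javascript
// Constructed stand-in for a page-controlled global object. This is a plain
// object for illustration, not Greasemonkey's actual unsafeWindow.
function makePage(hostile, log) {
  const page = {};
  if (hostile) {
    // The page claims the name first, as an accessor it controls.
    Object.defineProperty(page, 'js_enabled', {
      configurable: false,
      get() { log.push('page-supplied getter ran'); return 1; },
      set() { /* swallow the injected assignment */ }
    });
  }
  return page;
}

// Effect of the injected 'var js_enabled = 1;', simulated as an assignment.
function runInjectedScript(page) {
  page.js_enabled = 1;
}

// The test from the quoted userscript: an ordinary property read.
function readCheck(page) {
  return typeof page.js_enabled === 'number';
}

// Alternative: inspect the descriptor instead of reading the value, and
// accept only a plain data property. This never calls a getter. It is not a
// complete defence: a Proxy object can intercept descriptor lookups too.
function descriptorCheck(page) {
  const d = Object.getOwnPropertyDescriptor(page, 'js_enabled');
  return d !== undefined && 'value' in d && typeof d.value === 'number';
}

// Run one check against a benign or hostile page and report whether any
// page-supplied code executed as a side effect of the check.
function demo(hostile, check) {
  const log = [];
  const page = makePage(hostile, log);
  runInjectedScript(page);
  return { result: check(page), pageCodeRan: log.length > 0 };
}

console.log('read, benign      ', demo(false, readCheck));
console.log('read, hostile     ', demo(true, readCheck));
console.log('descriptor, benign ', demo(false, descriptorCheck));
console.log('descriptor, hostile', demo(true, descriptorCheck));
```
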
