>
>
> http://groups.google.com/group/greasemonkey-dev/browse_thread/thread/933ecdb307c4386d
>
> I believe this specific case is fixed. But JS is a complex/powerful
> language. This serves as a good example of the surprising sorts of things
> it can do.
>
Oops. It seems that using `typeof' on a getter triggers the trap, also:
window.__defineGetter__('js_enabled', trap);
>
> function trap() {
> alert('trap');
> }
>
> typeof window.js_enabled;
>
>
Whether or not the trap can get access to the GM context is another
question, but you have convinced me, that unsafeWindow is utterly insecure.
--
You received this message because you are subscribed to the Google Groups
"greasemonkey-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/greasemonkey-users.
For more options, visit https://groups.google.com/groups/opt_out.
