On Sat, Jan 4, 2014 at 11:37 PM, Lunar <[email protected]> wrote: > > If this is just about transforming the URL, couldn't you use an HTTPS > > Everywhere rule? Then you wouldn't have to install ( and audit :) ) > > Greasemonkey. > > I had more in mind of locating the “normal” video window, and replacing > it with an iframe with the “embed” version. Isn't that the kind of > things that Greasemonkey can do? >
Yes, i guess it can. But it wouldn't address the security challenge of integrating GM. If only for a temporary youtube fix, is it really worth it? I haven't checked the project in the last couple years, yet in the past GM had to deal with significant security issues. As so many projects it grew from a few hacks and ended much wider than ever intended, with the usual design and coding scars. But the main obstacle was that it introduced a new level of privilege between embedded javascript and chrome code, which was not intended to exist in firefox and impossible to enforce in pure javascript. It was long the case that, although relatively safe when used properly, it could quickly be used in unsafe ways -- even in good faith. I guess it's gotten better since… ___ ɹǝıʌıןo -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
