Article:   Avoid Common Pitfalls in Greasemonkey
Subject:   Security of wrappedJSObject
Date:   2008-08-24 00:12:32
From:   gaudio
Response to: Security of wrappedJSObject

The primary reason it's unsafe is that it's possible for the remote site to have redefined the 'setAttribute' method on the body. In that case, you are running remote code, which could be doing anything, in the privileged sandbox of Greasemonkey.


If I'm not mistaken, this remote script could be written to grab hold of some of the privileged objects, especially GM_xmlhttpRequest, and start going crazy with it.


What's really needed is the ability to drop out of the sandbox when calling a method defined from the remote page, whether directly or via an object. Of course, this guide was written about 0.3 Greasemonkey versions ago, so perhaps it's become a bit more secure.
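
Added illustration, not part of gaudio's comment or the original article: a plain Node.js model of the point above, showing that a call made through the raw page object runs whatever the page assigned to `setAttribute`, while a call resolved on the native prototype does not. `NativeElement`, `nativeWrapper` and `runDemo` are hypothetical stand-ins (a simplified model of an XPCNativeWrapper-style view), not Greasemonkey or Firefox APIs.

```javascript
// Added illustration; runs in plain Node.js. NativeElement, nativeWrapper and
// runDemo are hypothetical stand-ins, not Greasemonkey or Firefox APIs.

// Stand-in for the browser's built-in element implementation.
class NativeElement {
  constructor() { this.attrs = {}; }
  setAttribute(name, value) { this.attrs[name] = String(value); }
}

// Simplified model of an XPCNativeWrapper-style view: method lookups are
// resolved on the native prototype, so properties the page assigned on the
// object itself are never consulted.
function nativeWrapper(target) {
  return new Proxy(target, {
    get(obj, prop) {
      const native = NativeElement.prototype[prop];
      if (typeof native === "function") return native.bind(obj);
      return undefined; // page-defined properties are not visible here
    },
  });
}

function runDemo() {
  const body = new NativeElement();
  const calls = []; // records every time page-defined code executes

  // Constructed "page script": redefines setAttribute on the body object.
  body.setAttribute = function (name, value) {
    calls.push("page code ran for " + name);
    NativeElement.prototype.setAttribute.call(this, name, value);
  };

  // Pattern from the comment: the user script calls through the raw object
  // (what wrappedJSObject exposes), so the page's function runs.
  body.setAttribute("data-a", "1");
  const pageRanUnwrapped = calls.length;

  // Same call through the wrapper: only the native method runs.
  nativeWrapper(body).setAttribute("data-b", "2");
  const pageRanWrapped = calls.length - pageRanUnwrapped;

  return { pageRanUnwrapped, pageRanWrapped, attrs: body.attrs };
}

console.log(runDemo());
```

In a user script, the practical consequence is to keep DOM calls on the wrapped object and reach for `wrappedJSObject` only when a page-defined value is actually needed.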