Comments (4)
Just a note... this seems to work okay in squeeky clean profiles from:
Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0
Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0b4
Some underlying questions still remain though... whether or not to use this alternate method instead of setTimeout
and eval
... and/or limit the value to Function Objects.
This is going to be interesting trying to pin down which Add-on is causing this in my running profile. :S
Okay this is irritating... now it seems to be working in my running profile. :\
Alright discovered that it seems to be running in the restricted (content scope) namespace and its own private scope thus requiring JavaScript to be enabled. If the function is invoked via the parens then this seems to work around the issue of NoScript preventing access with my security settings.
So the underlying questions are:
- What ramifications can you see to using the parens instead of eval and setTimeout?
- Should there be a restriction on GMCs setTimeout if kept?
from gm_config.
What ramifications can you see to using the parens instead of eval and setTimeout?
We only used the setTimeout to avoid triggering GM's security violations. GM does a stack check when using GM_* functions and the onclick event listener is triggered from content scope even though it's set in sandbox scope. The ramifications of using parens instead are that you won't be able to access any GM_* functions in the callback function.
Should there be a restriction on GMCs setTimeout if kept?
To maintain backwards compatibility, I'd like to leave in the current behaviour and add a more properly named attribute, called "click", that will invoke the function directly.
... 'magic': { 'label': 'Magic Button', 'type': 'button', 'click': function() { alert('hey!'); } }, ...
Maybe we could even add a "hover"?
from gm_config.
GM does a stack check when using GM_* functions
Yah I remember this part...
and the onclick event listener is triggered from content scope even though it's set in sandbox scope.
and sounds familiar but...
and the onclick event listener is triggered from content scope even though it's set in sandbox scope.
... if I add a GM_log to the GMC Unit Test function:
... 'magic': { 'label': 'Magic Button', 'type': 'button', 'script': function() { alert('hey!'); GM_log('hey'); GM_addStyle('body { background-color: #f00; }'); } }, ...
and change to line above in GMC to:
... if (typeof scr == 'function') scr(); ...
... it does actually output to the error console with JavaScript disabled via NoScript:
... sizzlemctwizzle/The GM_config Unit Test: hey ...
after I fix the @include patterns since IANA keeps changing their URI (http://example.iana.org/ currently for me) rewrite to:
... // @include /^https?:\/\/.*?.iana.org\/?.*/ // @include http://*.iana.org/* // @include https://*.iana.org/* ...
Did something change that we all (or just me) missed?
EDIT: I did change the GMC line back to its original, enabled site JavaScript, and it still works in the body of the IANA document not the iframe with GM_addStyle... so I don't think I'm grasping what advantage this has other than GM/FF backwards compatibility. How far back do you want to support? I am slowly upping my minversion on most of my scripts since upstream Moz is finally catching up with ECMAScript 6 proposed standards (and almost nearly all ECMAScript 5).
EDIT: // @grant none
of course prevents any GM_ functions as expected and throws the exceptions.
Maybe we could even add a "hover"?
IDK I'm still new to this part. Although not sure what a hover (mouseover eventlistener I assume) would achieve. I'll defer to your expertise on this decision since you have been working with GMC longer than I have.
from gm_config.
The workaround I was providing seems to no longer be an issue in new versions of Firefox, so to hell with it, we're going to use direct invocation. I'm not the one who originally added this feature and if it had been me, I would have never allowed eval. It's unsafe and unnecessary, backwards compatibility be damned. If anyone wants that they can always use that other fork of GM_config.
from gm_config.
Related Issues (20)
- Mention of TypeScript types (@types/gm_config) HOT 9
- TypeScript Type Definitions HOT 2
- Select Multiple HOT 2
- Dynamically creating fields HOT 4
- radio onChange event HOT 1
- Capstone 4.0 HOT 5
- Display: flex ? HOT 1
- Redefine save and close buttons? HOT 3
- Calling get() before init() completes doesn't work anymore HOT 19
- `Object.create(null)` duplication HOT 2
- Strange issue with Unit Test HOT 2
- Alert Text in Unit Test HOT 9
- Hello, I need help with the UI style HOT 1
- Suggestion - add a property `initialized` (Promise object) HOT 1
- File pick implementation HOT 1
- TypeError: field is undefined HOT 1
- Resize window HOT 1
- Scaling config data
- Field value change event
- Does not appear to work with GM4 HOT 24
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gm_config.