All the Perl that's Practical to Extract and Report
use Perl Log In
tinman (2063)
(email not shown publicly)
tinman spent a few years mucking around industry before going back to school for a Masters. Currently not enjoying the weather in North England..
He wrote Perl that looked suspiciously like C code in 1998, while working as an intern, and has been trying to cure that bad habit ever since.
greasemonkey has flaws
It's probably old news by now.. but Greasemonkey has serious, potentially fatal security flaws. The dev blog entry is here.
Having said that though, it's still possible (although not recommended, certainly) to use the old Greasemonkey safely. If a script isn't injected into a page, it can't be exploited. So, making sure scripts only execute on explicitly added pages (instead of using wildcarded includes) is one option.
Another, more obvious option is to install the update. And live without the fancy gm_ namespaced functions for a while.
Unless the specific sites that I use Greasemonkey for are compromised, I think I'm fairly safe. Famous last words? Maybe
help them think they understand.
--Larry Wall
NoScript (Score:2)
I'm not entirely sure whether that's a good or a bad thing, though.
Re:NoScript (Score:2)
I use it, and it's a good thing, except for the infrequent times when NoScript crashes Firefox. I hope those will go away in a future update.
J. David works really hard, has a passion for writing good software, and knows many of the world's best Perl programmers
Re:NoScript (Score:1)
NoScript is actually pretty nifty :) I installed it once the fuss about GM security broke. The whitelisting was a bit tedious, but it seems to work.
I think the problem that was raised on the GM list was that it just allows (or disallows) Javascript. Malicious Javascript could be inserted into a page via some hackery and it would be allowed. This, at least, was the theory and so people were recommended not to use Noscript to cover up GM security flaws :)