Stories
Slash Boxes
Comments

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

AndyArmstrong (7200)

AndyArmstrong
  (email not shown publicly)
http://hexten.net/

Journal of AndyArmstrong (7200)

Sunday December 16, 2007
03:11 PM

HTTP::Proxy::GreaseMonkey

[ #35113 ]

Yesterday I posted a GreaseMonkey script to add a CPAN Dependencies link to search.cpan.org.

The only problem with that is that FireFox is not my main browser. I tend to use FireFox for web development (FireBug++) and Safari for general surfing. Theoretically you can use GreaseMonkey scripts in Safari using CreamMonkey - but I couldn't get that to play nicely with Leopard.

So I've released HTTP::Proxy::GreaseMonkey which builds on BooK's excellent HTTP::Proxy to provide a local proxy that functions like GreaseMonkey.

Version 0.01 of HTTP::Proxy::GreaseMonkey has no support for the GM_* utility functions that the real GreaseMonkey provides - but it works well enough to support my CPAN dependencies user script and probably quite a few other GM scripts. Suggestions are welcome. Suggestions with patches even more so.


List all Journal entries
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

HTTP::Proxy::GreaseMonkey 5 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.

  • It also works with Yanick's RtSeverityOrdering [userscripts.org]. Anyone got any other Perl related GreaseMonkey scripts I can try it with?

  • As far as I can say, this approach can’t ever work really right, I’m afraid. Security is a big issue with Javascript, and the origin of code and content (in terms of DNS domain, mostly) plays a big role. There are tight limitations on what is permitted to code when things with different origins mix.

    Now Greasemonkey runs scripts in the context of the page; however, it gives them access to functions that run within the browser’s local security context. That’s what’s special abo

    • Yes, but I have a proxy... That means I can write a GM_xmlhttpRequest with a specially formed URL which appears to fetch from the current domain but which the proxy rewrites to fetch from the intended domain.

      http://this.domain.com/<some long string>/intended.com/something.xml -->

      http://intended.com/something.xml

      That's my theory anyway - I haven't implemented it yet. Can you see any problems with that? Obviously I'm opening up an XSS hole so I'd need to make sure that the GM_ functions weren'

      • Nice lateral thinking there!

        It almost sounds too easy to be right, but at first glance I can’t see anything wrong with that. I’d use HTTP Auth credentials rather than a long string in the URI, but that’s just a quibble.

        • I've just released 0.03 which supports GM_xmlhttpRequest to arbitrary sites. I'm afraid it uses a long arbitrary string in the URL to alert the proxy at the moment. I'll have a think about using auth credentials instead - it certainly sounds cleaner.
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.