Saturday, July 30, 2005

Greasemonkey 0.5 Beta

All of us here in Greasemonkeyland are extremely happy to announce that Greasemonkey 0.5 beta is now available for download. Hooray!

It should go without saying, but: this is beta software. There will definitely be bugs. Install at your own risk.


Security

The major news with this release is, of course, security. Greasemonkey 0.5 is much more secure than 0.3.5. Several important classes of attacks have been completely disabled and others have been made more difficult, particularly in Deer Park.

  • In Greasemonkey 0.3.4, it was possible for JavaScript on webpages you visited ("content") to use DOM mutation events, watchpoints, or Mozilla's proprietary __defineSetter__ method to get references to the special GM API functions. This has been fixed by moving user script execution away from content completely. Now, user scripts are executed in a separate object -- a "sandbox" -- which is not part of the content window. That means that content scripts cannot access it, and thus cannot employ any of the tricks above to get access to the special GM APIs.

  • In earlier versions, it was possible to block Greasemonkey itself by redefining certain content DOM methods that it used to inject scripts. This has been fixed in 0.5 by only ever accessing content via the special XPCNativeWrapper objects provided by Firefox for this purpose.

  • It has long been understood and accepted that it would be possible to block individual user scripts by looking at which core DOM methods they try to use and redefining those. This will be a lot more difficult to do in Greasemonkey 0.5 when it is running on Deer Park. On Deer Park, the window and document global variables for Greasemonkey user scripts are also XPCNativeWrappers.

  • It was recently discovered that GM_xmlhttpRequest was able to access the file:// protocol and read local files. This has been fixed.

  • In all previous versions of Greasemonkey, it was trivial for content to monitor what user scripts you ran and get the source code for them. Running Deer Park and Greasemonkey 0.5, it's significantly less likely. It's still not impossible, however, so please continue to not put passwords in Greasemonkey user scripts.

Of course, no software is ever perfectly secure. Greasemonkey's entire point of existence is to mash code from two different trust domains into the same space, so it has been particularly tricky. This will be an ongoing fight. But for now, I believe that there are no known major security issues with Greasemonkey 0.5 and that it is safe to use. I also think that any future fixes will be much easier to make.


Features

Since Greasemonkey 0.5 is actually the combination of a massive security audit and all the new code which was planned for 0.4, there are lots of new features too:

  • GM_registerMenuCommand (documentation forthcoming) now takes extra parameters to add keyboard shortcuts.

  • GM_registerMenuCommand no longer gets confused sometimes when switching tabs.

  • Greasemonkey's previous memory leakage problems have been addressed.

  • A new API, GM_openInTab, has been added. You can now use a Greasemonkey user script to open a URL in a new Firefox tab.

  • A new menu item has been added: New User Script, which you can use to start a new script. It adds all the boilerplate text to the file so you can get started typing right away.


For User Script Authors

For the most part, Greasemonkey 0.5 should be perfectly backward compatible with your existing user scripts in Firefox 1.0.x. In some cases, however, it can bite you when it didn't before. Generally speaking:

  • Never add properties or functions to window. It's not safe because content can redefine these functions to mean something other than what you wrote.

    For example, you should never write code like this:

        // Unsafe: the handler lives on window, where content can replace it.
        window.handleClick = function() {
          alert("something was clicked!");
        };
        button.setAttribute("onclick", "window.handleClick()");

    Instead, do it this way:

        // Safe: the listener holds a direct reference to your own function.
        function handleClick() {
          alert("something was clicked!");
        }
        button.addEventListener("click", handleClick, false);

  • When you want to manipulate the DOM, always fully-qualify your expressions with window or document. So if you want to call alert on the current window, say window.alert instead of just alert. By doing this, you are sure to get the real alert method instead of a new one that content has used to overwrite the real one.

    In a future version of Greasemonkey, the ability to call methods and properties of window without this qualification will probably go away, so best to get in the habit now.

  • Keep up with the current Deer Park best practices on the Greasemonkey wiki.

  • Test in Deer Park if possible. Everything that works in Deer Park will definitely work in FF 1.0.x, but the reverse is not true. So it's best to test or develop your scripts in Deer Park for maximum compatibility.
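
The two rules above, shown as an added example that is not Greasemonkey or Firefox code. NativeWindow, ModelButton and nativeView are hypothetical stand-ins: one shared object plays the content window, and a Proxy that reads members from the native prototype models the idea behind XPCNativeWrapper rather than how Firefox implements it.

```javascript
// Constructed model, not Firefox or Greasemonkey code: one object stands in
// for the content window that page scripts and user scripts both reach.
class NativeWindow {
  alert(msg) { return "native alert: " + msg; }
}

class ModelButton {
  constructor(win) { this.win = win; this.attrs = {}; this.listeners = []; }
  setAttribute(name, value) { this.attrs[name] = value; }
  addEventListener(type, fn) { this.listeners.push({ type, fn }); }
  // An inline onclick attribute is source text, resolved against the content
  // window at click time; a listener is a function reference captured earlier.
  click() {
    const out = [];
    const src = this.attrs.onclick;
    if (src) out.push(new Function("window", "return " + src)(this.win));
    for (const l of this.listeners) if (l.type === "click") out.push(l.fn());
    return out;
  }
}

// Stand-in for the idea behind XPCNativeWrapper: look members up on the native
// prototype and ignore own properties that content has placed on the object.
function nativeView(obj) {
  const proto = Object.getPrototypeOf(obj);
  return new Proxy(obj, {
    get(target, prop) {
      const v = proto[prop];
      return typeof v === "function" ? v.bind(target) : v;
    }
  });
}

function runScenario() {
  const contentWindow = new NativeWindow();

  // User script, discouraged style: handler published on window.
  contentWindow.handleClick = () => "user script handler";
  const unsafeButton = new ModelButton(contentWindow);
  unsafeButton.setAttribute("onclick", "window.handleClick()");

  // User script, recommended style: private function plus addEventListener.
  function handleClick() { return "user script handler"; }
  const safeButton = new ModelButton(contentWindow);
  safeButton.addEventListener("click", handleClick, false);

  // Content script redefines everything it can reach on its own window.
  contentWindow.handleClick = () => "content replacement";
  contentWindow.alert = (msg) => "content alert: " + msg;

  return {
    unsafeClick: unsafeButton.click()[0],
    safeClick: safeButton.click()[0],
    directAlert: contentWindow.alert("hi"),
    wrappedAlert: nativeView(contentWindow).alert("hi"),
  };
}

console.log(runScenario());
```

The handler published on window runs the content's replacement, while the listener registered by reference still runs the user script's own function; the same split appears between the overwritten alert and the one reached through the wrapper.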

So that's it. If you have any other questions, the Greasemonkey mailing list is, as always, the place to ask them.

Happy scripting!

86 comments:

deathburger said...

Excellent! Thank you!

Lickmygiggle said...

Well that's all fine and good, but I can't seem to get into the script archive.

Amir said...

Any news on the memory leaks front?

Jeremy Dunck said...

Amir,
Leaks are fixed.

Jeremy Dunck said...

The wiki is back up now. Sorry about that.

Anonymous said...

Good news! Any word on support for Seamonkey?

Jeremy Dunck said...

Anon, 0.5 is incompatible w/ Seamonkey again. It's probably a simple fix, but didn't make the cut.

Amir said...

Great! Those memory leaks forced me to stop using this extension. I just installed the beta, see how it works.

boogs said...

Great Amir,

Definitely let us know how it performs on that front. I think I had the memory issues licked in 0.4.x back before the security scare. But there have been some pretty massive changes to get to 0.5. It's possible that new leaks have been introduced (though I have not experienced them).

If you see any problem here, I can definitely fix it before we get to 0.5 gold.

So let me know!

Anonymous said...

Virtually all my scripts (that were working with the past 2 releases) are now breaking. I consistently get this error (on different scripts for different pages):

Error: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIScriptableUnicodeConverter.ConvertToUnicode]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://greasemonkey/content/utils.js :: getContents :: line 160" data: no]

boogs said...

Anon,

Are the scripts that are breaking for you publicly accessible to download anywhere? This looks like a simple encoding issue, but it's difficult to debug without the files in question.

Anonymous said...

Thank you for getting the new version out so fast! I was starting to go through withdrawal without my backpack scripts...

deathburger said...

I had to go to the script manager window and hit OK before any of the scripts I already had installed would work - prior to that it was like they weren't even there.

deathburger said...

Actually, just did it again. Reloading the page made the script fire this time.. I don't know the GM internals though, so that's all I can really tell you, sorry.

curds said...

woot!

Anonymous said...

RE: the breaking scripts. I finally isolated the problem. Any characters in the script with an ascii code past 0x7F will cause it to fail. This did not happen in prior GM releases. This happens, even if it's just in a comment line. Any scripts with, for example, a © symbol in the heading, are going to break.

Andy said...

The URL on the mozdev.org page... "http://userscripts.org/greasemonkey-0.5.xpi" is dead. Any other way I can get this?

boogs said...

Andy,

Should be back now. Jeremy was playing with DNS last night and you must have caught it at just the wrong time.

Anonymous said...

GM already had two menu items and now you are adding a third? How about putting an option or pref in that lets you easily disable them. The Tools menu is already hard to manage.

deathburger said...

What do you mean, adding? 0.3.5 has a "User Script Commands" submenu in the Tools menu already. The ability to remove it in prefs would be nice, but I bet anything you can hide it in userChrome.css too.

deathburger said...

/*
 * Eliminate the Greasemonkey User Script Commands submenu
 */
#userscript-commands {
  display: none !important;
}

Martey said...

I don't know about everyone else, but my copy of 0.5 beta is still suffering from the memory leak problem. If it is not happening to anyone else, I will try testing individual user scripts and report back.

Anonymous said...

All of my scripts, including those generated by Platypus, are broken now. I'm seriously considering rolling back to 0.3.5, so they will work again.

The one that I'm most bothered about is Unembed, which can be found here: http://dunck.us/collab/GreaseMonkeyUserScriptsGeneric

deathburger said...

I wound up going back, things just weren't working right at all. But that's to be expected, the 0.5 is beta after all. It'll get there.

Anonymous said...

> I wound up going back, things just
> weren't working right at all. But
> that's to be expected, the 0.5 is
> beta after all. It'll get there.

I know what you mean. Some scripts work fine. But some that are meant to work on pages that are dynamically updated when a button is pressed, only work when they are initially loaded. After the button is clicked, and a few elements on the page are changed, all the changes that the GM script made are gone, and the page behaves as if the script isn't even loaded (I'm guessing it's probably not). I stripped the script down to its bare essentials, having it do one simple operation (change a text string to Bold). When the page initially loads, it works. Press the button (which doesn't affect the text being bolded), and it doesn't work. I'd love to post the page and script, but can't for security reasons.

deathburger said...

Put up a concept page somewhere, that sounds interesting.

Anonymous said...

Yeah, it fails as soon as there are non-ASCII characters. Any workaround?

Anonymous said...

FYI, 0.5 beta works nicely with Seamonkey 1.7.8, but not Seamonkey 1.7.10. Anyone know why?

Anonymous said...

How do I hide new user script/install user script/manage user script with userchrome?

Anonymous said...

The "New User Script" menu item should instead be a button on the management panel, rather than taking up space on the Tool menu.

Anonymous said...

That non-ASCII character problem can be avoided by saving the affected scripts in UTF-8.

-- Tom W.M.

deathburger said...

You ought to check the mozdev bugzilla bugs there, Tom.

grnch said...

This version breaks 2 scripts I'm using: "Slashdot single page view" and "Slashdot live comment tree", both available from the Wiki.

I can tell that the scripts are loading (they modify some text content on the page), but they don't seem to actually work. No errors appear in the Javascript console, but the scripts may be catching exceptions, haven't yet looked at their source.

deathburger said...

Wrap the whole thing after the metadata in try{CODE GOES HERE}catch(e){alert(e)}

Anonymous said...

In Greasemonkey 0.3.5, when I go to "Manage User Scripts" and click "Edit" and then edit any user script, it doesn't change the information shown after I'm done.
I had to change it manually in config.xml.
Could you fix this in 0.5 final?

Anonymous said...

Broken, broken, broken
Firefox 1.06
OSX.4.2

I installed the .51 from over at mozilla.

Not only did it delete all my scripts....

But GM no longer works. When I download a .JS or install from a webpage, it shows the linked item downloading...but it does not show up in Greasemonkey's window. It's just blank. I've uninstalled & reinstalled GM several times.

:(

Joe said...

Same happened to me, suddenly all my scripts were GONE and I can't add nor delete nor edit anything...greasemonkey just died on me. From what I saw at the greasemonkey page at Mozdev website, the same happened to several users. What happened??

tom said...

Thank you, very interesting!
