Tuesday, June 17, 2014

Sandbox API Changes in Greasemonkey 2.0

Since version 1.0 in August 2012, Greasemonkey has supported two modes: the legacy mode with privileged APIs available to the script, and a newer unprivileged mode.

When version 1.0 was initially released, this new unprivileged mode was not the default.  In fact, a script was required to explicitly opt in to this new behavior, by specifying @grant none, or opt out by  requesting access to any privileged API.  At that time, Greasemonkey would detect API usage by scripts that requested no @grant one way or the other, automatically applying what it considered the right values.  This was intended to make the migration from the legacy execution model to the new model smooth.

Today, many if not most or all scripts correctly request the APIs they need with @grant.  So as of version 2.0, Greasemonkey now defaults to @grant none.  It does not detect used-but-not-specified APIs, and an absence of all @grant lines means it will assume none.

No comments: