Wednesday, September 23, 2015

The Location Hack Is Dead

For most of Greasemonkey's history (since version 0.5 in 2005, until version 2.0 in 2014, still today if the script @grants privileged APIs) scripts were guaranteed to operate in a restricted scope.  Interacting with scripts on the page was difficult.  The "location hack" was a technique designed to bridge this gap.

As of Firefox 39.0.3 (due to a security related update) the location hack was broken.  All the user scripts which relied on it broke along with that update.

This post is just to get the word out that the location hack is no longer necessary.  Read more at the wiki's Content Script Injection page, but the short answer is that if your script previously needed the location hack, you should be able to replace it with window.eval() and continue on your way.

No comments: