August 2006
June 2006
November 2005
O'Reilly Network: Avoid Common Pitfalls in Greasemonkey
by ecmanaut
Well written and detailed article on why Greasemonkey has to have its 0.5+ sandbox.
October 2005
August 2005
July 2005
Greasemonkey in crisis
by François Hodierne & 2 others (via)
Very poor article. I believed Jon Udell was a good guy.
Simon Willison: Understanding the Greasemonkey vulnerability
by svartling & 4 others (via)
If you have any version of Greasemonkey installed prior to 0.3.5, which was released a few hours ago, or if you are running any of the 0.4 alphas, you need to go and upgrade right now. All versions of Greasemonkey aside from 0.3.5 contain a nasty security hole, which could enable malicious web sites to read any file from your hard drive without you knowing. #
Greaseblog: Mandatory Greasemonkey Update
by digitalmonkey
"The flaw allows any website which matches at least one user script (even * scripts) to read any local file on your machine, or to list the contents of local directories".
XML.com: Secure RSS Syndication
by svartling & 10 others (via)
I have a problem. It's actually a pretty common problem. I have data that I want to syndicate to myself, but I don't want you to see it. It's private. Now this could be my credit card balance or internal bug reports for the day job. Either way, I want the information in a form suitable for syndication but not available to everyone.
March 2005
Cross-domain XMLHttpRequest via Greasemonkey
by François Hodierne
Jeremy Dunck points out that Aaron Boodman has posted a patch to the Greasemonkey mailing list which allows the XMLHttpRequest object to reach across domains.
1
(17 marks)
