Posted Jul 28, 2005 4:45 UTC (Thu) by jwb
In reply to: Confused deputy
Parent article: Greasemonkey gets into trouble
No, it really isn't. The problem here is that greasemonkey works by injecting strings into an untrusted markup stream, when it should have been programmatically fiddling the model using priviledged APIs. Mozilla already has the the security model you recommend, but greasemonkey poked a big hole in it.
to post comments)