local editable site info page

Posted: Sat Apr 03, 2010 8:13 am
by al_9x
I was thinking of making a local site info page which could also double as a local keyword.URL handler. It needs scripting but I don't want to allow file:// universally. Giorgio, can an extension (NoScript) assist with this? Can there be a noscript chrome page which is user editable, or gets a user editable piece injected? Or some other technique?

Re: local editable site info page

Posted: Sat Apr 03, 2010 8:32 am
by Giorgio Maone
Why don't you serve it from a local web server?

Re: local editable site info page

Posted: Sat Apr 03, 2010 8:45 am
by Giorgio Maone
Another idea: couldn't you "enhance" it using GreaseMonkey (user scripts run no matter the page's permissions, and you'd get cross site XHR for free)?

Re: local editable site info page

Posted: Sat Apr 03, 2010 8:48 am
by al_9x
Giorgio Maone wrote: Why don't you serve it from a local web server?
I don't normally run one. Seems like overkill to have a web server dependency. If you happen to know if this is possible with an extension, can you please explain, even if you think it's not worth doing.

Re: local editable site info page

Posted: Sat Apr 03, 2010 9:01 am
by al_9x
Giorgio Maone wrote: Another idea: couldn't you "enhance" it using GreaseMonkey (user scripts run no matter the page's permissions, and you'd get cross site XHR for free)?
Thanks, I didn't know GM scripts always ran, I thought it just injected scripts into the page and needed page permissions. What do you think about GM in general, is it exploitable? It had some issues early on, I think.

Re: local editable site info page

Posted: Sat Apr 03, 2010 9:26 am
by Giorgio Maone
al_9x wrote: What do you think about GM in general, is it exploitable? It had some issues early on, I think.
Yes, it had some issues in the past, which prompted several enhancements in XPCWrappers (the interfaces between unsafe content and chrome JavaScript).
Today it's probably much less exploitable than most other extensions, unless you install some unsafe userscript (e.g. one which uses wrappedJSObject to unwrap unsafe content).