Greasemonkey 脚本学习

Greasemonkey是FireFox下的一款优秀的扩展,他允许用户通过自定义脚本来

操作指定域中的页面中的内容。

其中,用户自定义的js是在sandbox中运行,一旦执行完毕,没有对该js中的对象的引用的时候,则Greasemonkey负责在后台抹除 user js的痕迹,来达到避免和页面js冲突的目的。但是这个却给我制造了点麻烦。沙箱制造的特点是user js中的对象无法持久存在,因此无法直接在user js中定义函数然后hook掉页面中原有的js函数。

另外一个就是user js和页面js的执行顺序。测试发现,user js是在page js执行完成,也就是定义等动作全部完成后才执行的,这就为hook替换原来的函数提供了可能。

晚上回去,翻文档,终于翻到能用的部分。

unsafeWindow,通过GM中定义的该变量,user js可以操纵和替换原页面中的js函数或者js变量值。

script-compiler.php是一个专门针对GM的程序,可以把自定义的用户js编译成可以直接安装的FF扩展,这样就可以在GM下开发js,然后用script-compiler.php打包成扩展后使用,非常的方便。

附上修改的例子,script-compiler.php,免的以后找不到

gm.rar

原文描述如下:

UnsafeWindow

From GreaseSpot

Jump to: navigation, search
The correct title of this article is unsafeWindow. The initial letter is shown capitalized due to technical restrictions.

This command can open certain security holes in your user script, and it is recommended to use this command sparingly.

Please be sure to read the entire article and understand it before using it in a script.

 

[edit] Description

This API object allows a User script to access "custom" properties--variable and functions defined in the page--set by the web page.

This is done by bypassing Greasemonkey's XPCNativeWrapper-based security model. The unsafeWindow object is shorthand for window.wrappedJSObject. It is the raw window object inside the XPCNativeWrapper provided by the Greasemonkey sandbox.

  • USE OF UNSAFEWINDOW IS INSECURE, AND IT SHOULD BE AVOIDED WHENEVER POSSIBLE.

User scripts absolutely should not use unsafeWindow if they are executed for arbitrary web pages, such as those with @include *. User script authors are strongly encouraged to learn how XPCNativeWrappers work, and how to perform the desired function within their security context, instead of using unsafeWindow to break out.

Examples | Alternatives to unsafeWindow | Notes

[edit] Syntax

unsafeWindow

Value: Object
Returns: Variant
Compatibility: Greasemonkey 0.5b+

top

[edit] Examples

  unsafeWindow.SomeVarInPage "Testing";

unsafeWindow.SomeFunctionInPage("Test");

var oldFunction unsafeWindow.SomeFunctionInPage;
 
unsafeWindow.SomeFunctionInPage = function(text) {
   
alert("Hijacked! Argument was " text ".");
   return 
oldFunction(text);
 };

For issues with GM_getValue, GM_setValue and GM_xmlhttpRequest, see see 0.7.20080121.0_compatibility.

« 上一篇 | 下一篇 »

发表评论

评论内容 (必填):