[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] augmented browsing -



haaber <haaber <at> web.de> writes:
> Thank you for your answer. I should have mentionoed that I have tried
> Greasemonkey some time ago. But it is javascript based. None of the
> example-scripts worked on a JS-deactivated firefox.  Am I wrong?

This may have been true in the past, but not anymore. i think the original
version of Greasemonkey worked by essentially injecting custom JS code into
the page, so the custom scripts would run in the page's context. Nowadays,
however, Greasemonkey and NoScript work just fine together. I use both every
day.

> A sed / awk whatsoever is at least as powerful, more secure (code tested
> for decades), and easy relatively to use, at least if you want
> to browse JS-free.
> 
> - How to transform JS-enforcing codes like
>   <span class=BS" dara-src="link"> into <img="link"> on the fly?
>   Or codes like [link="[http://...";] into <href="http://...";>
> 
> - How add a little openstreetmap into eBay or your favourite private
>    local ads site that indicate the location of an object to sell?
> 
> and so forth. One/two lines of sed suffise in each case. Greasemonkey
> seems to need JS activated (=security hole), and any of the above tasks
> takes 30 lines of code.

It's true that the Javascript code will be longer and perhaps more difficult
to write. On the other hand it will also be more robust for all but the
simplest sorts of preprocessing. I'd be remiss in not mentioning a certain
well-known stackoverflow post:
<https://stackoverflow.com/questions/1732348/#answer-1732454>

As for security, it's true that Greasemonkey scripts potentially increase
your attack surface, especially if you use them on pages that are also
whitelisted in NoScript. You certainly shouldn't install scripts from
untrusted sources, and be very suspicious of anything that uses
unsafeWindow. Simple substitutions like you're describing shouldn't be a
significant risk, though.

I haven't ever heard of a tool like you're describing, but it's not a bad
idea, simpler than writing JS and harder to accidentally compromise your
security/anonymity. Perhaps some sort of combination of regexps and XPath to
get the best of both worlds.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk