[tor-talk] Download Helper
Olivier Cornu
o.cornu at gmail.com
Sun Jan 5 02:01:15 UTC 2014
On Sat, Jan 4, 2014 at 11:37 PM, Lunar <lunar at torproject.org> wrote:
> > If this is just about transforming the URL, couldn't you use an HTTPS
> > Everywhere rule? Then you wouldn't have to install ( and audit :) )
> > Greasemonkey.
>
> I had more in mind of locating the “normal” video window, and replacing
> it with an iframe with the “embed” version. Isn't that the kind of
> things that Greasemonkey can do?
>
Yes, i guess it can. But it wouldn't address the security challenge of
integrating GM. If only for a temporary youtube fix, is it really worth it?
I haven't checked the project in the last couple years, yet in the past GM
had to deal with significant security issues.
As so many projects it grew from a few hacks and ended much wider than ever
intended, with the usual design and coding scars. But the main obstacle was
that it introduced a new level of privilege between embedded javascript and
chrome code, which was not intended to exist in firefox and impossible to
enforce in pure javascript. It was long the case that, although relatively
safe when used properly, it could quickly be used in unsafe ways -- even in
good faith.
I guess it's gotten better since…
___
ɹǝıʌıןo
More information about the tor-talk
mailing list