Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
The Internet Mozilla Programming IT Technology

Hacking the Web with Greasemonkey 512

Posted by Zonk
from the rolling-your-own-interweb dept.
plasticmillion writes "Greasemonkey is a revolutionary Firefox extension that many feel has enormous implications for the future evolution of the web. By making it easy to write client-side scripts that modify webpages as you surf, it shifts the balance of power from content creators to content consumers. Since its inception, it has given rise to an impressive array of scripts for everything from enhancing Gmail with one-click delete functionality to preventing Hotmail from spawning new windows when you click on external links. In recent Greasemonkey news, Mark Pilgrim just published a comprehensive primer called 'Dive Into Greasemonkey', a must-read for those who want to try their hand at writing their own scripts. It should be noted that Greasemonkey is not without controversy, but this has done nothing to reduce its popularity among web programmers. Even Opera has jumped on the bandwagon with their own version of user scripts. To illustrate the principle to /.ers, I whipped up a handy little script called 'Slashdot Live Comment Tree', which lets you expand and collapse entire threads in an article's comments."
This discussion has been archived. No new comments can be posted.

Hacking the Web with Greasemonkey

Comments Filter:
  • by akadruid (606405) <slashdot@@@thedruid...co...uk> on Monday May 16, 2005 @07:52AM (#12542176) Homepage
    I don't want them to see my site the way they want to see it. I want them to see it the way it was meant to be seen.

    That's why GreaseMonkey exists. It allows firefox to do the work your eyes and hands must otherwise do - it gets you the information you're after, not what the designer fancies.

    (I actually like your site design, and I think it is great you are releasing your work under the GPL and your content under a CC license)
  • You know you need to disable those default scripts that come with the extension, right?

    Or at least set them so they don't execute on that particular site...
  • Safari (Score:4, Informative)

    by sameerd (445449) on Monday May 16, 2005 @08:03AM (#12542289) Homepage
    This is not specific to Firefox and Opera. One can use Applescript to make Safari to run Javascript on webpages. From http://www.apple.com/applescript/safari/ [apple.com] we have
    Safari now includes a do JavaScript command that enables AppleScript to communicate with the browser via JavaScript!
  • by Anonymous Coward on Monday May 16, 2005 @08:07AM (#12542337)

    already been done [daishar.com]

    see how much people dislike that geeza ? if this was a pub he would of been slapped up and kicked out a long time ago
  • by masklinn (823351) <slashdot.org@maskli[ ]net ['nn.' in gap]> on Monday May 16, 2005 @08:09AM (#12542352)
    I don't want them to see my site the way they want to see it. I want them to see it the way it was meant to be seen.
    Doesn't the fact that it's plain and simply impossible kinda suck?
    Greasemonkey is nothing but "the easy way", but client side modification of a website has been live for years:
    • Proximitron allows advanced filtering
    • Specific Firefox extensions do, too (think about Slashfix)
    • Bookmarklets are fairly powerful, check MODI [slayeroffice.com] for example
    • For god's sake, there are so much differences from one browser to another one that one can tweak what he seens by changing browser
    • Custom/client side CSS, Opera has had them for a very long time, Firefox has that too, and you can more than likely find bookmarklets allowing you to load custom CSS in your browser
    The fact is that you seem not to know an important rule of web design: the way you indent your website to be displayed is nothing but a mere suggestion, and the surfer is 100% free to fully ignore your hints if he doesn't want it [evpc.biz]
    Don't want that? don't create websites. Your websites are not here for you and if they are they shouldn't be online, websites are for the visitor and he can do whatever he wants with the data he receives (including sending the whole content of your website to /dev/null if he finds it funny)
  • by darkmyst (590375) on Monday May 16, 2005 @08:15AM (#12542414)
    In order to avoid $50 articles, I found this [com.com] article which did talk about some potential security problems with greasemonkey. It seems hackers could make scripts that behave maliciously. According to the article, even the original greasemonkey developer has expressed concerns along those lines.
  • by mfh (56) on Monday May 16, 2005 @08:16AM (#12542432) Homepage Journal
    (I actually like your site design, and I think it is great you are releasing your work under the GPL and your content under a CC license)

    Thank you! :-)

    I am getting killed by my comment about Greasemonkey, but I have to put it plainly to everyone:

    I provide my content with a Creative Commons license. Everyone is free to modify it. Everyone is free to use the code that generated the website (well soon enough, it's just about ready to be released) and everyone can use my RSS to reformat my site and syndicate it. Things like Google's toolbar that actually rewrites text to give their partners and advantage over my own affiliates, really bothers me. Things like this toolbar that lets you perform website automation (that could result in XSS/client-side script attacks) also has the potential for danger, IMHO.

    That's the reason I have sided against Greasemonkey on *my sites*. But hey, if you want to use it to get your Hotmail easier -- fine. But I wouldn't use Hotmail anyway. :-)
  • by DustMagnet (453493) on Monday May 16, 2005 @08:18AM (#12542455) Journal
    I love it, but there is one issue that I have with it. It injects its scripts at the end of the web page.

    I use Proxomitron. It is much like greasemonkey, but it uses regular expressions. There are plenty of "scripts" included and many run at the top of the page to disable problem javascript.

  • It looks like this was a partial example of the problem sitting between chair and screen.

    The particlar site is using iframes and GreaseMonkey summarily hides those tags in its default configuration. Excluding the site manually brings it back to life.

    However, this means GreaseMonkey becomes thus a Geek-only tool. I can not ask of my mother or wife to know about such problems and manually configure exceptions if things don't work.

    Markus

  • by AstroPup (266218) on Monday May 16, 2005 @08:31AM (#12542593) Homepage
    Did you check out his site? He releases his stuff work under the GPL and his content CC.

    He even provides an XML feed for you to format to your hearts content.

    Yeah, big supporter of the MPAA/RIAA there!
  • by bgarcia (33222) on Monday May 16, 2005 @08:39AM (#12542666) Homepage Journal
    I use Proxomitron. It is much like greasemonkey, but it uses regular expressions.
    I've used proxomitron too. It doesn't have this problem because it runs as an HTTP proxy, so it changes the web page before the browser ever sees it.

    But the problem I have with proxomitron is that it's a bunch of regexp matches instead of a scripting language. I've yet to figure out how to get a regexp match that spans more than one line as well. But yes, proxo works well for my particular complaint about greasemonkey.

  • Platypus (Score:5, Informative)

    by Dr. Pain (27986) on Monday May 16, 2005 @08:43AM (#12542708)
    Platypus (http://platypus.mozdev.org/ [mozdev.org]) is an extension for visually editing web pages to your liking and then creating a Greasemonkey script that will repeat those changes the next time you load the page. It's Greasemonkey without the programming, if you will.

    "One of the most jaw dropping extensions that I have seen to date." --Anders Conbere

    Check it out.

    -- Scott Turner

  • by emag (4640) <slashdot&gurski,org> on Monday May 16, 2005 @08:47AM (#12542746) Homepage
    No. Sorry. It's not your information. It doesn't belong to anyone. Those that chose to display information a certain way are in their right to do such and lame excuses to justify the bastardization of their attempts to come off a certain way are the rant of the uninformed zealot with a "screw you all" mentality. ...

    It's not something everyone has to get all up in arms about. It's a presentation of information. If you don't like it, go somewhere else! If he chooses to display it and prevent this extension from running on his site, so be it! He's well within his rights to do such.


    I suppose from the above statements that you're opposed to the level of control most browsers ALREADY give over the display of content? To wit, in Firefox I can go to Edit->Preferences->General, and in there override fonts and colors so that the page's fonts, font sizes, and colors aren't used. I can choose to force links to be displayed with underlines. Under Edit->Preferences->Web Features, I can override popups, javascript, image loading, etc, as well as provide exceptions to most of those... Under Edit->Preferences->Advanced, I can control the resizing of images, force links to open in new tabs, etc. Additionally, if I set up proxies, I can force all my connections to go through privoxy, blocking ads and the like. I can also choose to not install flash, making websites that use it extensively stand out pretty sorely.

    All of these settings can be viewed as a bastardization of designers' attempts to display information in a certain way. And most of these settings have been around since the early 1.x days of Netscape Navigator. GreaseMonkey appears to be the logical extension of these settings to the CSS world.

    All the HTML markup in the world serves a single purpose---to suggest how a browser should display something to approximate what the originator had in mind. Nothing has ever said that HTML is an imperative command to display something ONLY one way.
  • by Mike1024 (184871) on Monday May 16, 2005 @08:49AM (#12542770)
    Could be useful for Slashdot then

    Well, I'm sure pleased with the Slashdot Recolour [mkgray.com] script...

    Michael
  • by kayle (73168) on Monday May 16, 2005 @09:17AM (#12543090)
    My favorite use of Greasemonkey is the mojoDNA extension of Google Maps to include Boston's public transportation, the MBTA. It's completely seamless!

    Dev. website:
    http://mojodna.net/2005/04/19/mbta-maps/ [mojodna.net]
    Direct link to the Greasemonkey script:
    http://maps.mojodna.net/mbta/mbta_google_maps.user .js [mojodna.net]

  • by Tony (765) on Monday May 16, 2005 @09:19AM (#12543117) Journal
    Make every single page one colossal image with an image map for links!

    Funny you should mention that. My first introduction to FrontPage was working on a non-profit website. They wanted me to make some "quick changes" to their site. I looked at their site-- it was a GIANT IMAGE of a webpage (text and all), with image maps and rollovers for links. The page could have been laid out with tables with no problems (this was in the ugly days before the DOM and CSS), but their previous web designer opted for this lame method.

    So, it is a method that has been used before. Damn the unpredictable nature of the web! Double-damn user control!
  • by telbij (465356) on Monday May 16, 2005 @09:53AM (#12543474)
    No, people who use page modifying settings are not mostly people who know what they're doing. For example, there are readymade user-stylesheets for blocking ads. People want to block ads, but they can't be bothered to learn how to do it so that they know how to fix problems which are a result of ad-blocking.

    I'm sorry, but where's the evidence? I know tons of people who switched to Firefox, but not a single layperson installing extensions or user stylesheets. I've fielded hundreds if not thousands of complaints about my sites (at a large public University), many of which were due to some form of user error, but nothing ever sounded like the result of browser customization. My experience may be anecdotal, but it's based on 5 years professional experience over a diverse user base. What's your experience?
  • by Kopretinka (97408) on Monday May 16, 2005 @10:16AM (#12543696) Homepage
    Scott, I'm short-sighted and I like my fonts nice and big, with the best readable font about 18pt on my current display. Why exactly does your site require me to use 180% zoom to get the text that I'm supposed to read there to the font size that I prefer to read? If you could, would you disable my browser's zoom capability (or window resize capability) so that your site always looks exactly as you want?

    The author controls what the site looks like by default, but the user may want to set the font size, the fonts themselves, the colors or indeed the layout as they wish, within their abilities of course. Those users know what they're doing and they don't affect your site's presentation for other users that don't do any tweaking. I expect that the ability to disable Greasemonkey like you do is a bug and will be fixed. 8-)

  • by digitalprimate (816971) on Monday May 16, 2005 @11:41AM (#12544512)
    Forrester is another Beantown research company (and not a particularly good one, IMHO) focused on tech. Some of there reports run into the thousands of dollars, so this one's a cheapy by their standards.
  • by douglask (205604) on Monday May 16, 2005 @11:45AM (#12544552) Homepage

    As GreaseMonkey.MozDev.Org is slashdotted, here's the obligitory link to get Greasemonkey:
    Install/Download GreaseMonkey [mozdev.org]

    Enjoy!

  • Re:this is why... (Score:4, Informative)

    by plasticmillion (649623) <matthew@allpeers.com> on Monday May 16, 2005 @11:47AM (#12544559) Homepage
    It should be pointed out that the people who created Greasemonkey are in no way connected to Firefox. The really brilliant thing that the Mozilla folks did was not to think of ideas like Greasemonkey, it was to deploy an architecture open enough to let other people extend the browser in unexpected directions. In my view this is by far the most revolutionary thing about Firefox, and what we see today is only the tip of the iceberg. Once more programmers become familiar with the Firefox model and better IDEs become available, we're going to see some really incredible stuff.
  • by julesh (229690) on Monday May 16, 2005 @01:22PM (#12545627)
    By changing the structure of the page, you're going to potentially break pages that dynamically change themselves.

    Fine. But script developers are going to see this, realise that their script doesn't work and either (1) fix it, or (2) abandon the idea. If the problems are more subtle, then the user's going to know they installed a script that's changing the page, and are going to try disabling it first to see if that fixes the problem...

    This is a power user feature, not something your average newbie is going to install and use straight away...
  • Re:um which one? (Score:3, Informative)

    by Alsee (515537) on Monday May 16, 2005 @01:35PM (#12545793) Homepage
    which article costs money to read?

    This one. [forrester.com] In the slashot story it is the link on the word "controversy".

    There's a one paragraph blurb claiming "But IT managers beware: Greasemonkey will cause you nothing but headaches, and may even be a good reason to delay that Firefox pilot you're planning", but giving absolutely no reason. If you look on the right it says:
    Buy this research
    Price: US$49.00
    Report Length: 3 pages


    I really don't think Slashdot should bother linking to a page with absolutely NO information on it and requesting a payment to get info.

    -
  • by jayloden (806185) on Monday May 16, 2005 @01:41PM (#12545875)
    I must agree...I've got 1920x1200 resolution right now, which is normally ridiculous for me - I prefer something like 1280x1024 - but with my current video card and monitor, that's the only non-weird setting I can use.

    Subsequently, the site looks very odd and appears to have rendering problems (missing navigation links, etc).

    I can sympathize totally with the desire for the site to look the way you designed it...I've spent hours and hours and hours doing this on the sites I work on, trying to make sure they look the way I intended them to, even if the person uses really big fonts, etc.

    I once tried to force font sizes, etc. But eventually I came to the conclusion that people are determined to do bizarre things, like view the site on an 800x600 resolution with font size set on LARGEST for IE (maybe some new glasses are in order?), etc. So now I take the approach of designing the site to look pretty much the same no matter how absurd (from a designers point of view) your font choices or screen size. I have http://philambdaupsilon.org/ [philambdaupsilon.org] and http://jayloden.com/ [jayloden.com] both set up to work this way at the moment (at least I hope so, I can't test everything!).

    I still cringe to think that someone would be viewing my site so bizarrely, but I've given up on trying to prevent it. I just try to make sure the site degrades gracefull if viewed with text browsers, huge resolution, tiny fonts, huge fonts, etc.

    -Jay
  • by jdunck (620920) on Monday May 16, 2005 @02:57PM (#12546705)
    Greasemonkey scripts are bound by the same restrictions as any other javascript.

    No, they aren't. They are inserted into the code of another site's pages, therefore they get local access priveleges over those pages.

    I'm a dev on GM, and I'd like to shed some light.

    First, yes, GM is in the same security sandbox as the page script. It does not run as local script.

    The threat model of a user script is the very same as a bookmarklet, except that user scripts get injected without clicks, meaning that the user could forget about some installed script.

    If someone installs an Evil(tm) script, it can run on pages that the evil person doesn't control, and provide data back to the evil person.

    Note that such evil can be delivered in other ways (bookmarklets, toolbars, etc) which are trojans. You should consider every user script as a possible trojan. So yeah, don't install scripts that do evil things, and if you're not sure, don't install.

    We're working on a community-policed user script directory which can confer some level of trust. It's not ready yet. We were slashdotted a little too early. ;) The wiki page (when it's back up) was something I put up when I first saw GM, because it clearly needed some sort of directory to get some momentum. It's now a stopgap until something more structured is completed. You might try delicious [del.icio.us] as another directory.

    Also, Greasemonkey supplies some interesting functions to the user script context, including GM_xmlhttpRequest, which allows cross-domain page requests. Couple this with GM_setValue and GM_getValue, and a user script can indeed very effectively share data between different web apps. Before you wail in terror, note that information could be sent to evil third-party domain already by using scripted image tags, iframes, and form posts. GM only opens up an easier way to share data; it does not allow anything that's truly new in this respect.

"It's ten o'clock... Do you know where your AI programs are?" -- Peter Oakley

Working...