Hacking the Web with Greasemonkey
plasticmillion writes "Greasemonkey is a revolutionary Firefox extension that many feel has enormous implications for the future evolution of the web. By making it easy to write client-side scripts that modify webpages as you surf, it shifts the balance of power from content creators to content consumers. Since its inception, it has given rise to an impressive array of scripts for everything from enhancing Gmail with one-click delete functionality to preventing Hotmail from spawning new windows when you click on external links. In recent Greasemonkey news, Mark Pilgrim just published a comprehensive primer called 'Dive Into Greasemonkey', a must-read for those who want to try their hand at writing their own scripts. It should be noted that Greasemonkey is not without controversy, but this has done nothing to reduce its popularity among web programmers. Even Opera has jumped on the bandwagon with their own version of user scripts. To illustrate the principle to /.ers, I whipped up a handy little script called 'Slashdot Live Comment Tree', which lets you expand and collapse entire threads in an article's comments."
Re:Disable Greasemonkey (Score:5, Informative)
That's why GreaseMonkey exists. It allows Firefox to do the work your eyes and hands must otherwise do - it gets you the information you're after, not what the designer fancies.
(I actually like your site design, and I think it is great you are releasing your work under the GPL and your content under a CC license)
Re:Excellent Idea, but breaks Websites (Score:4, Informative)
Or at least set them so they don't execute on that particular site...
Safari (Score:4, Informative)
Re:Let's use this to our advantage (Score:5, Informative)
already been done [daishar.com]
See how much people dislike that geeza? If this was a pub he would have been slapped up and kicked out a long time ago.
Re:Disable Greasemonkey (Score:5, Informative)
Greasemonkey is nothing but "the easy way", but client side modification of a website has been live for years:
Don't want that? Don't create websites. Your websites are not here for you, and if they are they shouldn't be online; websites are for the visitor and he can do whatever he wants with the data he receives (including sending the whole content of your website to
Dangers of Greasemonkey (Score:5, Informative)
Re:Disable Greasemonkey (Score:2, Informative)
Thank you!
I am getting killed by my comment about Greasemonkey, but I have to put it plainly to everyone:
I provide my content with a Creative Commons license. Everyone is free to modify it. Everyone is free to use the code that generated the website (well soon enough, it's just about ready to be released) and everyone can use my RSS to reformat my site and syndicate it. Things like Google's toolbar that actually rewrites text to give their partners an advantage over my own affiliates really bother me. Things like this toolbar that lets you perform website automation (that could result in XSS/client-side script attacks) also have the potential for danger, IMHO.
That's the reason I have sided against Greasemonkey on *my sites*. But hey, if you want to use it to get your Hotmail easier -- fine. But I wouldn't use Hotmail anyway.
Re:Greasemonkey needs to inject scripts sooner (Score:2, Informative)
I use Proxomitron. It is much like greasemonkey, but it uses regular expressions. There are plenty of "scripts" included and many run at the top of the page to disable problem javascript.
Re:Excellent Idea, but breaks Websites (Score:3, Informative)
It looks like this was a partial example of the problem sitting between chair and screen.
The particular site is using iframes and GreaseMonkey summarily hides those tags in its default configuration. Excluding the site manually brings it back to life.
However, this means GreaseMonkey becomes thus a Geek-only tool. I can not ask of my mother or wife to know about such problems and manually configure exceptions if things don't work.
Markus
Re:Disable Greasemonkey (Score:3, Informative)
He even provides an XML feed for you to format to your heart's content.
Yeah, big supporter of the MPAA/RIAA there!
Re:Greasemonkey needs to inject scripts sooner (Score:4, Informative)
But the problem I have with proxomitron is that it's a bunch of regexp matches instead of a scripting language. I've yet to figure out how to get a regexp match that spans more than one line as well. But yes, proxo works well for my particular complaint about greasemonkey.
Platypus (Score:5, Informative)
"One of the most jaw dropping extensions that I have seen to date." --Anders Conbere
Check it out.
-- Scott Turner
Re:Disable Greasemonkey (Score:5, Informative)
It's not something everyone has to get all up in arms about. It's a presentation of information. If you don't like it, go somewhere else! If he chooses to display it and prevent this extension from running on his site, so be it! He's well within his rights to do such.
I suppose from the above statements that you're opposed to the level of control most browsers ALREADY give over the display of content? To wit, in Firefox I can go to Edit->Preferences->General, and in there override fonts and colors so that the page's fonts, font sizes, and colors aren't used. I can choose to force links to be displayed with underlines. Under Edit->Preferences->Web Features, I can override popups, javascript, image loading, etc, as well as provide exceptions to most of those... Under Edit->Preferences->Advanced, I can control the resizing of images, force links to open in new tabs, etc. Additionally, if I set up proxies, I can force all my connections to go through privoxy, blocking ads and the like. I can also choose to not install flash, making websites that use it extensively stand out pretty sorely.
All of these settings can be viewed as a bastardization of designers' attempts to display information in a certain way. And most of these settings have been around since the early 1.x days of Netscape Navigator. GreaseMonkey appears to be the logical extension of these settings to the CSS world.
All the HTML markup in the world serves a single purpose---to suggest how a browser should display something to approximate what the originator had in mind. Nothing has ever said that HTML is an imperative command to display something ONLY one way.
Re:Choice quote from 'Dive Into Greasemonkey' (Score:3, Informative)
Well, I'm sure pleased with the Slashdot Recolour [mkgray.com] script...
Michael
MBTA extension for Google Maps (Score:5, Informative)
Dev. website:r .js [mojodna.net]
http://mojodna.net/2005/04/19/mbta-maps/ [mojodna.net]
Direct link to the Greasemonkey script:
http://maps.mojodna.net/mbta/mbta_google_maps.use
Not far from the truth (Score:3, Informative)
Funny you should mention that. My first introduction to FrontPage was working on a non-profit website. They wanted me to make some "quick changes" to their site. I looked at their site-- it was a GIANT IMAGE of a webpage (text and all), with image maps and rollovers for links. The page could have been laid out with tables with no problems (this was in the ugly days before the DOM and CSS), but their previous web designer opted for this lame method.
So, it is a method that has been used before. Damn the unpredictable nature of the web! Double-damn user control!
Re:Disable Greasemonkey (Score:3, Informative)
I'm sorry, but where's the evidence? I know tons of people who switched to Firefox, but not a single layperson installing extensions or user stylesheets. I've fielded hundreds if not thousands of complaints about my sites (at a large public University), many of which were due to some form of user error, but nothing ever sounded like the result of browser customization. My experience may be anecdotal, but it's based on 5 years professional experience over a diverse user base. What's your experience?
Re:Disable Greasemonkey (Score:3, Informative)
The author controls what the site looks like by default, but the user may want to set the font size, the fonts themselves, the colors or indeed the layout as they wish, within their abilities of course. Those users know what they're doing and they don't affect your site's presentation for other users that don't do any tweaking. I expect that the ability to disable Greasemonkey like you do is a bug and will be fixed. 8-)
Re:Parent makes very good point (Score:2, Informative)
Obligatory Mirror post... (Score:2, Informative)
As GreaseMonkey.MozDev.Org is slashdotted, here's the obligatory link to get Greasemonkey:
Install/Download GreaseMonkey [mozdev.org]
Enjoy!
Re:this is why... (Score:4, Informative)
Re:Disable Greasemonkey (Score:3, Informative)
Fine. But script developers are going to see this, realise that their script doesn't work and either (1) fix it, or (2) abandon the idea. If the problems are more subtle, then the user's going to know they installed a script that's changing the page, and are going to try disabling it first to see if that fixes the problem...
This is a power user feature, not something your average newbie is going to install and use straight away...
Re:um which one? (Score:3, Informative)
This one. [forrester.com] In the Slashdot story it is the link on the word "controversy".
There's a one paragraph blurb claiming "But IT managers beware: Greasemonkey will cause you nothing but headaches, and may even be a good reason to delay that Firefox pilot you're planning", but giving absolutely no reason. If you look on the right it says:
Buy this research
Price: US$49.00
Report Length: 3 pages
I really don't think Slashdot should bother linking to a page with absolutely NO information on it and requesting a payment to get info.
Re:Disable Greasemonkey (Score:3, Informative)
Subsequently, the site looks very odd and appears to have rendering problems (missing navigation links, etc).
I can sympathize totally with the desire for the site to look the way you designed it...I've spent hours and hours and hours doing this on the sites I work on, trying to make sure they look the way I intended them to, even if the person uses really big fonts, etc.
I once tried to force font sizes, etc. But eventually I came to the conclusion that people are determined to do bizarre things, like view the site on an 800x600 resolution with font size set on LARGEST for IE (maybe some new glasses are in order?), etc. So now I take the approach of designing the site to look pretty much the same no matter how absurd (from a designer's point of view) your font choices or screen size. I have http://philambdaupsilon.org/ [philambdaupsilon.org] and http://jayloden.com/ [jayloden.com] both set up to work this way at the moment (at least I hope so, I can't test everything!).
I still cringe to think that someone would be viewing my site so bizarrely, but I've given up on trying to prevent it. I just try to make sure the site degrades gracefully if viewed with text browsers, huge resolution, tiny fonts, huge fonts, etc.
-Jay
Re:I'm worried that greasemonkey has security flaw (Score:5, Informative)
No, they aren't. They are inserted into the code of another site's pages, therefore they get local access privileges over those pages.
I'm a dev on GM, and I'd like to shed some light.
First, yes, GM is in the same security sandbox as the page script. It does not run as local script.
The threat model of a user script is the very same as a bookmarklet, except that user scripts get injected without clicks, meaning that the user could forget about some installed script.
If someone installs an Evil(tm) script, it can run on pages that the evil person doesn't control, and provide data back to the evil person.
Note that such evil can be delivered in other ways (bookmarklets, toolbars, etc) which are trojans. You should consider every user script as a possible trojan. So yeah, don't install scripts that do evil things, and if you're not sure, don't install.
We're working on a community-policed user script directory which can confer some level of trust. It's not ready yet. We were slashdotted a little too early.
Also, Greasemonkey supplies some interesting functions to the user script context, including GM_xmlhttpRequest, which allows cross-domain page requests. Couple this with GM_setValue and GM_getValue, and a user script can indeed very effectively share data between different web apps. Before you wail in terror, note that information could be sent to an evil third-party domain already by using scripted image tags, iframes, and form posts. GM only opens up an easier way to share data; it does not allow anything that's truly new in this respect.
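
A pre-install review along the lines the comment above describes, as an added example that is not part of the original thread or of Greasemonkey itself: it statically flags the capabilities named there (GM_xmlhttpRequest, GM_setValue/GM_getValue, scripted image/iframe/form channels) together with over-broad @include scope. The function names, finding labels and the sample script are assumptions made for illustration.

```javascript
// Added example: static pre-install review of a Greasemonkey user script.
// SAMPLE is constructed for illustration; its hosts use the reserved .invalid TLD.
const SAMPLE = [
  '// ==UserScript==',
  '// @name     Constructed sample',
  '// @include  *',
  '// @include  http://mail.example.invalid/*',
  '// ==/UserScript==',
  'var seen = GM_getValue("seen", 0);',
  'GM_setValue("seen", seen + 1);',
  'GM_xmlhttpRequest({ method: "GET", url: "http://stats.example.invalid/ping" });',
  'var frame = document.createElement("iframe");',
].join('\n');
const META_BLOCK = /\/\/ ==UserScript==([\s\S]*?)\/\/ ==\/UserScript==/;

// Collect the @include patterns from the metadata block.
function parseIncludes(source) {
  const block = META_BLOCK.exec(source);
  const includes = [];
  for (const line of (block ? block[1] : '').split('\n')) {
    const m = /^\s*\/\/\s*@include\s+(\S+)/.exec(line);
    if (m) includes.push(m[1]);
  }
  // Greasemonkey treats a script with no @include as "@include *".
  return includes.length ? includes : ['*'];
}

// A pattern is broad when its host part is a bare wildcard ("*", "http://*/*").
function isBroad(pattern) {
  return pattern.replace(/^[a-z*]+:\/\//i, '').split('/')[0] === '*';
}

function auditUserScript(source) {
  const includes = parseIncludes(source);
  const code = source.replace(META_BLOCK, '');
  const findings = [];
  if (includes.some(isBroad)) findings.push('runs-on-every-site');
  const xhr = /\bGM_xmlhttpRequest\s*\(/.test(code);
  const store = /\bGM_(?:set|get)Value\s*\(/.test(code);
  if (xhr) findings.push('cross-domain-request');
  if (store) findings.push('persistent-storage');
  if (xhr && store) findings.push('can-share-data-between-sites');
  // Channels a page script already has: image tags, iframes, form posts.
  if (/createElement\(\s*["'](?:img|iframe|form)["']\s*\)|new\s+Image\s*\(/.test(code)) {
    findings.push('dom-request-channel');
  }
  const hosts = [...code.matchAll(/https?:\/\/([^\/"'\s)]+)/g)].map((m) => m[1]);
  return { includes, findings, hosts: [...new Set(hosts)] };
}
```

Calling `auditUserScript(SAMPLE)` returns the matched scope, the list of findings and the literal hosts the script body mentions; it is a string-level check, so it will miss URLs or calls that are assembled at run time.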