GM_getValue / setValue bug?

[Shreevatsa]

Hi,

I just installed GreaseKit and a Greasemonkey script that uses
GM_setValue, but it doesn't seem to work.
Is this a known bug? Is the feature just not implemented yet?

-S

[Justin Perkins]

GM_setValue and GM_getValue (and a few GM_ methods) have been removed
from greasekit due to a security vulnerability:
http://8-p.info/greasekit/vuln/20071226-en.html

Here is a workaround to get some of the GM_ methods working again:
http://groups.google.com/group/greasekit-users/browse_thread/thread/7d20ed2f732b3647

And as for GM_setValue and GM_getValue, you can write your own code
(cookie-based) or use something like this (put at the end of your user
script):

var Cookie = {
PREFIX:'_greasekit',
get: function( name ){
var nameEQ = escape(Cookie._buildName(name)) + "=", ca =
document.cookie.split(';');
for (var i = 0, c; i < ca.length; i++) {
c = ca[i];
while (c.charAt(0) == ' ') c = c.substring(1, c.length);
if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
}
return null;
},
set: function( name, value, options ){
options = (options || {});
if ( options.expiresInOneYear ){
var today = new Date();
today.setFullYear(today.getFullYear()+1, today.getMonth, today.getDay());
options.expires = today;
}
var curCookie = escape(Cookie._buildName(name)) + "=" + escape(value) +
((options.expires) ? "; expires=" + options.expires.toGMTString() : "") +
((options.path) ? "; path=" + options.path : "") +
((options.domain) ? "; domain=" + options.domain : "") +
((options.secure) ? "; secure" : "");
document.cookie = curCookie;
},
hasCookie: function( name ){
return document.cookie.indexOf( escape(Cookie._buildName(name)) ) > -1;
},
_buildName: function(name){
return Cookie.PREFIX + '_' + name;
}
};

if(typeof GM_getValue === "undefined") GM_getValue = Cookie.get;
if(typeof GM_setValue === "undefined") GM_setValue = Cookie.set;

[Shreevatsa]

On Aug 28, 11:21 am, "Justin Perkins" <justinperk...@gmail.com> wrote:
> GM_setValue and GM_getValue (and a few GM_ methods) have been removed
> from greasekit due to a security vulnerability:http://8-p.info/greasekit/vuln/20071226-en.html

Oh, ok. Could't it be handled the same way Greasemonkey handles it?
(By running the user scripts in a separate sandbox and preventing web
pages access to these GM_ functions, or functions defined in the user
scripts. So do web pages currently have access to the latter?)

> Here is a workaround to get some of the GM_ methods working again:http://groups.google.com/group/greasekit-users/browse_thread/thread/7...

>
> And as for GM_setValue and GM_getValue, you can write your own code
> (cookie-based) or use something like this (put at the end of your user
> script):

Thanks, those workarounds are useful. I'll try them and post again if
I have questions.

Thanks,
-Shreevatsa

[Justin Perkins]

On Thu, Aug 28, 2008 at 10:47 AM, Shreevatsa
<shreevat...@gmail.com> wrote:
>
> Oh, ok. Could't it be handled the same way Greasemonkey handles it?
> (By running the user scripts in a separate sandbox and preventing web
> pages access to these GM_ functions, or functions defined in the user
> scripts. So do web pages currently have access to the latter?)

Greasemonkey has had numerous security vulnerabilities as well, it's
all something that will be worked out over time with the development
of Greasekit. Really though, that is not a question for greasekit
users (that's what this list is), but for greasekit developers:

http://groups.google.com/group/greasekit-dev/

-justin

[Nils]

Yes, please urge the developer(s) to provide Greasemonkey support! :-)

Nils

On 28 Aug., 17:53, "Justin Perkins" <justinperk...@gmail.com> wrote:
> On Thu, Aug 28, 2008 at 10:47 AM, Shreevatsa
>