eval() after update to 0.9
24 views
Skip to first unread message
Beho Double
Jan 22, 2011, 5:42:20 PM1/22/11
to greasemonkey-users
Firefox 3.6.13 Greasemonkey 0.9.0
A simple script like this doesn't work .........
// ==UserScript==
// @name test
// @namespace http://test.free.fr
// @description test
// @include *
// ==/UserScript==
eval("alert('bop');");
....... but this script works with 2 alerts : :D
// ==UserScript==
// @name test
// @namespace http://test.free.fr
// @description test
// @include *
// ==/UserScript==
alert("bop");
eval("alert('bop');");
A simple script like this doesn't work .........
// ==UserScript==
// @name test
// @namespace http://test.free.fr
// @description test
// @include *
// ==/UserScript==
eval("alert('bop');");
....... but this script works with 2 alerts : :D
// ==UserScript==
// @name test
// @namespace http://test.free.fr
// @description test
// @include *
// ==/UserScript==
alert("bop");
eval("alert('bop');");
sizzlemctwizzle
Jan 23, 2011, 5:36:10 PM1/23/11
to greasemonkey-users
Simple answer: quit using eval. It's both unnecessary and an
incredibly poor programming practice.
incredibly poor programming practice.
sizzlemctwizzle
Jan 23, 2011, 5:42:30 PM1/23/11
to greasemonkey-users
As for an actual permanent fix, we'll have to look into that.
danielslaughter
Jan 23, 2011, 9:15:23 PM1/23/11
to greasemonkey-users
I'd like to +1 an issue with this. I have a script which uses eval()
to execute code in a manner in which I have yet to find an alternate
solution to.
to execute code in a manner in which I have yet to find an alternate
solution to.
sizzlemctwizzle
Jan 23, 2011, 9:32:42 PM1/23/11
to greasemonkey-users
On Jan 23, 8:15 pm, danielslaughter <slaughter.dan...@gmail.com>
wrote:
wrote:
> I'd like to +1 an issue with this. I have a script which uses eval()
> to execute code in a manner in which I have yet to find an alternate
> solution to.
If you give me the script, I can give you a non-eval alternative.> to execute code in a manner in which I have yet to find an alternate
> solution to.
danielslaughter
Jan 23, 2011, 9:43:03 PM1/23/11
to greasemonkey-users
That would be great if you could. It's in this script on line 26:
http://www.danielslaughter.com/projects/greasemonkey_gmailpop3/gmail_pop3.user.js
I realize it's running eval() against source from a different domain
(danielslaughter.com) than what it's intended to run on (gmail.com),
but I wasn't sure how else to easily push out updates for the script
without requiring individuals to download it every time. Also, it's on
my domain and I'm aware there is no malicious items the eval()
function would be executing (although I know it's still bad practice).
Thank you,
Daniel Slaughter
http://www.danielslaughter.com/projects/greasemonkey_gmailpop3/gmail_pop3.user.js
I realize it's running eval() against source from a different domain
(danielslaughter.com) than what it's intended to run on (gmail.com),
but I wasn't sure how else to easily push out updates for the script
without requiring individuals to download it every time. Also, it's on
my domain and I'm aware there is no malicious items the eval()
function would be executing (although I know it's still bad practice).
Thank you,
Daniel Slaughter
sizzlemctwizzle
Jan 23, 2011, 10:50:59 PM1/23/11
to greasemonkey-users
On Jan 23, 8:43 pm, danielslaughter <slaughter.dan...@gmail.com>
wrote:
> That would be great if you could. It's in this script on line 26:http://www.danielslaughter.com/projects/greasemonkey_gmailpop3/gmail_...
Yup, you've stumbled on the one case where eval is actually useful.
You could try replacing the line with the eval on it with this:
var txt = r.responseText;
o.core = JSON.parse(txt.substring(1, txt.length-1));
It probably won't work because the response text from your server
doesn't appear to be pure JSON(it contains actual JavaScript, not just
values). Perhaps you could modify the PHP script on your sever to
serve proper JSON and move whatever code you pass into the actual
userscript.
You could also assign the object declared remotely to a variable and
use an @require to include it in your script.
wrote:
> That would be great if you could. It's in this script on line 26:http://www.danielslaughter.com/projects/greasemonkey_gmailpop3/gmail_...
Yup, you've stumbled on the one case where eval is actually useful.
You could try replacing the line with the eval on it with this:
var txt = r.responseText;
o.core = JSON.parse(txt.substring(1, txt.length-1));
It probably won't work because the response text from your server
doesn't appear to be pure JSON(it contains actual JavaScript, not just
values). Perhaps you could modify the PHP script on your sever to
serve proper JSON and move whatever code you pass into the actual
userscript.
You could also assign the object declared remotely to a variable and
use an @require to include it in your script.
Reply all
Reply to author
Forward
0 new messages