Greasemonkey

It’s good to see Greasemonkey getting some press. It’s a fantastic idea. I demoed something similar, although not as capable, at EuroFoo in August last year. I called it “refacing” – a way of changing the face of particular sites to suite yourself. My simple example was defacing the SCO website so that all the references read “SCOundrels”. (Amusingly, the current Word of The Day on the front of www.sco.com is “Longevity”. Presumably they are referring to Linux rather than their own business.) But I never had time to take it forward and it languishes still on my laptop. I’m glad someone is making this happen :-)

You don’t actually need an extension to do something like Greasemonkey – you could do it all from a bookmarklet with appropriate server-side support. The bookmarklet injects a script which adds a DHTML popup to the page which gives a menu of available scripts. Of course, an extension gives much better UI, and is probably the correct solution for the long term.

However, the key problem with running scripts written by others in your session context for a website is security. There’s no real way to control a malicious user script once it’s running. Audit is your only line of defence. Be careful out there, kids.

One thought on “Greasemonkey

  1. If I were an end user, I’d be more worried about installing random extensions that can do whatever they want to my computer. Seems like worrying about a user script stealing my cookies is not as important.