Greasemonkey: Difference between revisions

Browse history interactively ← Previous edit Next edit →Content deleted Content addedVisual WikitextInline

Revision as of 12:58, 17 March 2006 editStevage (talk \| contribs)Autopatrolled, Extended confirmed users, Pending changes reviewers11,864 edits →Technical, operational, and ethical issues arising from user scripting: remove "defective" model← Previous edit		Revision as of 20:11, 17 March 2006 edit undo160.83.73.14 (talk) →Greasemonkey equivalents for other browsers Next edit →
Line 29:		Line 29:

	==Greasemonkey equivalents for other browsers==		==Greasemonkey equivalents for other browsers==
	Greasemonkey is available for Firefox and ]. The Epiphany Greasemonkey extension is part of the ] package. For ], , and offer similar functionality.		Greasemonkey is available for Firefox and ]. The Epiphany Greasemonkey extension is part of the ] package. For ], , and offer similar functionality. Creammonkey is available for the Safari browser.

	Only Turnabout, which is available under the ] is ].		Only Turnabout, which is available under the ] is ].

Revision as of 20:11, 17 March 2006

For the slang term referring to mechanics see Grease monkey

File:Jfader greasemonkey bookburro.png

Screenshot of the BookBurro user script running in Greasemonkey. BookBurro alters an amazon.com page to show the prices of the same book offered by competing retailers.

Greasemonkey is a Mozilla Firefox extension that allows users to install scripts that make on-the-fly changes to specific web pages. Without an extension like Greasemonkey, this modification has to be done manually, using Firefox's JavaScript Console or the JavaScript: protocol, the browser's Document Object Model Inspector, or bookmarklets. As the Greasemonkey scripts are persistent, the changes made to the web pages are executed every time the page is opened, making them effectively permanent for the user running the script.

Greasemonkey can be used for adding new functionality to webpages (like embedding price comparison in amazon.com webpages), fixing rendering bugs, combining data from multiple webpages, and numerous other purposes. Well written Greasemonkey scripts can integrate changes so well that their additions appear to be natural parts of the web page.

Technical details

Most Greasemonkey user scripts are written by hand, using site-specific JavaScript code which manipulates the contents of a webpage using the Document Object Model interface. userscripts.org maintains a database of Greasemonkey scripts, and for each it lists the URLs of webpages to which the scripts pertain. (N.B. The obsolescent script repository might contain some older scripts that have not yet migrated to the new repository.) When the user loads a matching page Greasemonkey invokes the relevant scripts, which can then add to the page, delete parts of it, or move parts around. Greasemonkey scripts can also contact other websites, and several query pages related to the current page and use this to add additional information to the page. Greasemonkey scripts have the format somename.user.js, and Greasemonkey automatically detects and offers to install any such scripts which it encounters. In addition to JavaScript code, Greasemonkey scripts contain limited metadata, which specifies the author of the script, its version information, and the default list of URLs for which the script is intended.

Writing a Greasemonkey script is a technically demanding process (although rather easier than writing a fully-fledged Firefox extension). This means that few ordinary users can practically write Greasemonkey extensions. The Platypus extension, however, allows users to edit a page (deleting parts of it, or moving parts around); Platypus then saves these changes as a persistent Greasemonkey script.

Typical Greasemonkey scripts

Users have written scripts which:

Alter Gmail to provide an instantaneous deletion control (Gmail has now been altered to include a delete button, making the script useless)
Show a list of competing retailers' prices for a book when viewing the book on online retailers
Remove advertisements from many sites, including popups and google text ads.
Alter the layout of pages.
Autofill forms
Add or remove accessibility features from pages.

Technical, operational, and ethical issues arising from user scripting

Some in the Firefox community, and a number of technical analysts, warn that widespread use of Greasemonkey and related user scripting technologies will require care in deployment. Their concerns include:

Possible disruption to revenue of some websites. Some Firefox users already block web advertisements, but Greasemonkey may be used to change ads from one company to those of their competitor, to artificially inflate web advertising scores, or to fool the statistics programs run by paid browsing companies.
Increases in the web traffic that arise from every page. Some Greasemonkey scripts obtain additional information about pages the user visits, for example from services such as del.icio.us and Bloglines. If these scripts were widely used, they would cause additional traffic to the target websites.
The proliferation of scripts acting on many pages, and the difficulty of distinguishing whether problems in a page are caused by actual web-programming bugs or by local Greasemonkey scripts, may make troubleshooting defects more difficult. This was the subject of a Forrester Research report (cost: US$49.00) entitled Greasemonkey Primes Firefox For Embarrassment.

Greasemonkey equivalents for other browsers

Greasemonkey is available for Firefox and Epiphany. The Epiphany Greasemonkey extension is part of the Epiphany-extensions package. For Internet Explorer, GreasemonkIE, Trixie and Turnabout offer similar functionality. Creammonkey is available for the Safari browser.

Only Turnabout, which is available under the BSD License is open source software.

Version 8 of Opera also adds user scripting functionality.

As both Opera and Firefox support the W3C DOM, many Greasemonkey user scripts also work correctly on Opera.

Similar software

Proxomitron, available since late 1990s, predates JavaScript active browsing and provides similar functionality for all browsers using regexp matching.
Proximodo, inspired by- and interoperalbe with proxomitron, is an open source, client side Proxy Server which allows manipulation of page content
Privoxy is an open source, client side Proxy Server which allows manipulation of page content available in many OS flavors
MouseHole is a client side Proxy Server which allows manipulation of page content using Ruby.
Monkeygrease is a Java Servlet which can be used to alter the output of a closed-source Java web application before its output is sent to the client.

Bookmarklets can execute arbitrary JavaScript on any page, but they require a user to click them, rather than running automatically.

Major security hole

On July 20, 2005 a serious security hole in Greasemonkey version 0.3.4 was discovered. This allowed specially crafted websites to hijack Greasemonkey functionality normally reserved for user scripts, and thus to access the user's local machine or probe other machines on their intranet. Among the features Greasemonkey supplies to user scripts is an interface to Firefox's XMLHTTP mechanism; this is used to query other websites (Book Burro, mentioned above, obtains book prices using this functionality). Access to this functionality should be reserved to trusted user scripts running inside Greasemonkey, but technical author Mark Pilgrim discovered the Greasemonkey APIs were (very briefly) accessible to ordinary JavaScript programs running on a webpage. By this means it is possible for such a webpage to store references to Greasemonkey's APIs and access them later, circumventing the usual checks.

Greasemonkey's development team worked on a full fix for the problem, which would allow access to privileged Greasemonkey functionality only to trusted user scripts. In the meantime they released a crippled interim release, version 0.3.5; it simply removed all the special Greasemonkey API calls altogether. This removes the dangerous code, at the expense of disabling a number of the most useful Greasemonkey user scripts which depend upon it. Greasemonkey's developers described this change as "mandatory", and advised users to either install it or uninstall Greasemonkey altogether. No exploit is known to exist, but the power and simplicity of the security hole makes it likely one will quickly be developed. (Announcement of the vulnerability) (Details of the security hole)

The next major release, Greasemonkey 0.5.1 final, fixed this problem and all other known Greasemonkey security holes.

External links

Homepage of the Greasemonkey extension
Blog with the latest Greasemonkey information and updates
The old Greasemonkey script repository contains a number of scripts created by people for their personal needs, and uploaded for use by others.
- Website Specific User Scripts
- User Scripts that work with any webpage
UserScripts.org (formerly Greasemonkeyed.com) - the script repository that replaces dunck.us
Dive Into Greasemonkey, a free book by Mark Pilgrim
Internet Week's review of Greasemonkey
InformationWeek's review of Greasemonkey
Greasemonkey etiquette
Greasemonkey and its effect on business models
Festa, Paul (24 March 2005). "Firefox add-on lets surfers tweak sites, but is it safe?". {{cite news}}: Check date values in: |date= (help); Unknown parameter |org= ignored (help)
Singel, Ryan (17 May 2005). "Firefox Users Monkey With the Web?". {{cite news}}: Check date values in: |date= (help); Unknown parameter |org= ignored (help)

Category:

Mozilla extensions

Misplaced Pages