Discussion on Screen Userscripts | Userscripts.org

Archived Comments, replied by simon!

simon! — Sat, 08 Nov 2008 21:12:38 +0000

will you PLEASE update this script!

Archived Comments, replied by Max (-ElectroFox Designs)

Max (-ElectroFox Designs) — Wed, 06 Aug 2008 22:19:36 +0000

RE: "How do you check an MD5 sum?"
See the part about checking the md5 sum in the description above. (About 5 paragraphs down.)
-Max

Archived Comments, replied by Yori

Yori — Sat, 14 Jun 2008 03:00:45 +0000

How do you check an MD5 sum? I'm not sure, but do we download the MD5 sum from http://www.efoxdesigns.com/max/downloads/Screen Userscripts/ after we install Screen Userscripts?

Archived Comments, replied by bwalker

bwalker — Thu, 24 Jan 2008 10:28:29 +0000

I am thankful for this script. People like me who are not experts in javascript can have at least a small level of defense against malicious codes.

Archived Comments, replied by Max (-ElectroFox Designs)

Max (-ElectroFox Designs) — Fri, 04 Jan 2008 01:28:56 +0000

So, for those of you wondering, there is a bug in the current downloadable version of this script, that I haven't had time to fix yet. Basically, what happens, is that when you upgrade to this version, you will get a message saying that you don't have the current version, when, in fact, you do. All you have to do is click the box, to ignore it forever. (Until, possibly a new version comes out.)
I might not fix this bug until the next version. However, if people email me, expressing an interest in a fix sooner than that, then I will take a look at it.
Regards,
Max max(AT)efoxdesigns(DOT)com

Archived Comments, replied by Daniel Dawson

Daniel Dawson — Wed, 12 Sep 2007 23:54:48 +0000

I'm with Lucanos on this. It's pretty easy to come up with some convoluted expression that yields "document.cookie" and then pass it to eval. It's not that you shouldn't try, but users need to know that there is no guarantee something won't slip through.

Archived Comments, replied by Lucanos

Lucanos — Tue, 11 Sep 2007 03:24:41 +0000

An interesting concept - I have had a look at the code (I am no PHP or JavaScript expert, I should point out), but looking for strings which contain "*.php?cookie=*" seems pretty easy to work around - I'd simply change the variable name to "c", or not bother naming it at all.

A simpler (and admittedly, possibly easier circumvented) technique may just be to scan for the string "cookie" inside the script.

Just an idea...

Archived Comments, replied by shirish

shirish — Tue, 04 Sep 2007 14:42:12 +0000

Very nice, I like it :D

Archived Comments, replied by Max (-ElectroFox Designs)

Max (-ElectroFox Designs) — Thu, 23 Aug 2007 20:26:32 +0000

Yes, and they do. Screen Userscripts works on other sites besides us.org, such as this script's homepage
Also, in the future, Screen Userscripts will hopefully be able to screen against other malicious scripts.
-Max

Archived Comments, replied by engtech

engtech — Thu, 23 Aug 2007 19:53:07 +0000

If it's possible to scan userscripts for cookie stealing, couldn't us.o do that on their end and flag scripts?

Archived Comments, replied by granun

granun — Sun, 19 Aug 2007 09:44:35 +0000

<font>

It's great script
but it's slow down firefox
but it's worth for me to use it,anyway

.....Geranun......

</font>

Archived Comments, replied by ithcy

ithcy — Sun, 19 Aug 2007 05:34:38 +0000

while this is a valiant effort, the MD5 and SHA1 sums do not provide any additional authenticity verification. if the author of this script were to fall victim to a cookie-stealer script that compromised his USO account, the MD5 and SHA1 sums could be spoofed as easily as this script itself.

Archived Comments, replied by war59312

war59312 — Sat, 18 Aug 2007 20:34:25 +0000

Nice one!

Archived Comments, replied by Max (-ElectroFox Designs)

Max (-ElectroFox Designs) — Thu, 16 Aug 2007 19:49:52 +0000

(By the way, Gasoline, even though the scan button does not appear on the description pages, they are still being scanned. It's just automatic.)

Archived Comments, replied by Max (-ElectroFox Designs)

Max (-ElectroFox Designs) — Thu, 16 Aug 2007 17:38:49 +0000

Yeah, that's one of the features you can configure. Just set threshold to 0, OR set autoScan to false, if you want it to ask on the description page. threshold is the number of script links on a page that Screen Userscripts will automatically scan. If the number of userscript links on a page is higher than threshold, Screen Userscripts won't auto-scan any, but will show the scan button instead. If you set autoScan to false, Screen Userscripts will never automatically scan userscripts, but will display the scan button instead. (Please see the [Update] notes in the description for release information.)
Regards,
-Max

Archived Comments, replied by Gasoline-

Gasoline- — Thu, 16 Aug 2007 07:47:30 +0000

Ok, the new fetures works, great!

but (jea, again :P)
i think not to scan all scripts on the page, then i go into the script itself, and the "scan-button" disappear.
(after the search, you got 100 scripts, you show one, to intsall it, but then the button from screen userscript ar gone. you know, the page where you can install scripts with this button.)

Archived Comments, replied by Max (-ElectroFox Designs)

Max (-ElectroFox Designs) — Thu, 16 Aug 2007 02:42:21 +0000

All 'problems' thus far (I'm talking about those in the comments below) have been fixed.
autoScan and threshold options have been added. Enjoy!

Archived Comments, replied by Max (-ElectroFox Designs)

Max (-ElectroFox Designs) — Wed, 15 Aug 2007 22:25:00 +0000

Done. You now have the option to automatically scan, or be asked. (Another update is coming soon.)

Archived Comments, replied by Tanel

Tanel — Wed, 15 Aug 2007 21:32:34 +0000

Same problem here as Gasoline- had - it slows down firefox way to much to use it.

I am using firefox in ubuntu and it just flashes dark for 5-10 seconds (if not more) - all the browssing (tabs) are also freezed

Archived Comments, replied by Gasoline-

Gasoline- — Wed, 15 Aug 2007 12:02:18 +0000

so, ok. ill testet this script
it worked on your testpage, nice!

buuut:
if you got e few scripts on a page (eg search on userscripts for scripts) then the script slows down your computer really much (crash firefox).

featurerequest:
build a button, which the user can press to check the actual homepage/script, or just run your script if someone want to install a script.

i would say, its a featurerequest on greasemonkey addon itselft, they should check the scripts and warn you if the script you will install is malicious. ....

(sorry for my bad englisch ;)

Archived Comments, replied by crazian

crazian — Tue, 14 Aug 2007 12:01:14 +0000

Let me try it :D

Archived Comments, replied by Jesse Andrews

Jesse Andrews — Wed, 17 Nov 2004 01:05:20 +0000

The following is an archive of comments made before threaded discussions was implemented (November 16th, 2008)