GM_xmlhttpRequest referer not passing? – Userscripts.org <link rel="shortcut icon" href="/images/script_icon.png" type="image/x-icon" /> <link href="http://static.userscripts.org/stylesheets/display.css?1227340079" media="screen" rel="stylesheet" type="text/css" /> <script src="http://static.userscripts.org/javascripts/prototype.js?1227340079" type="text/javascript"></script> <script src="http://static.userscripts.org/javascripts/effects.js?1227340079" type="text/javascript"></script> <script src="http://static.userscripts.org/javascripts/lowpro.js?1227340079" type="text/javascript"></script> <script src="http://static.userscripts.org/javascripts/application.js?1227340079" type="text/javascript"></script> <link href="/topics/1302.rss" rel="alternate" title="Subscribe to 'GM_xmlhttpRequest referer not passing?'" type="application/rss+xml" /> </head> <body> <div id="header"> <ul id="mainmenu"> <li><a href="/articles" rel="nofollow">Blog</a></li> <li><a href="/scripts" rel="nofollow">Scripts</a></li> <li><a href="/forums" rel="nofollow">Forums</a></li> <li><a href="/users" rel="nofollow">People</a></li> <li><a href="/signup" rel="nofollow">Signup</a></li> <li><a href="/login" rel="nofollow">Login</a></li> </ul> <h1><a href="/" title="Userscripts.org"><img alt="Userscripts.org" src="http://static.userscripts.org/images/userscripts.org.png?1227340079" /></a></h1> </div> <div id="container"> <div id="content"> <div class="crumbs"> <a href="/forums">Forums</a> <span class="arrow">→</span> <a href="/forums/1">Script development</a> <span class="arrow">→</span> </div> <h1 id="topic-title"> GM_xmlhttpRequest referer not passing? </h1> <p class="subtitle"> <a href="/topics/1302.rss"><img alt="Subscribe to GM_xmlhttpRequest referer not passing?" height="14" src="http://static.userscripts.org/images/feed-icon.png?1227340079" width="14" /></a> 14 posts, 5 voices </p> <a name="posts-4933" id="posts-4933"> </a> <table border="0" cellspacing="0" cellpadding="0" class="posts wide"> <tr class="post hentry " id="4933-row"> <td class="author vcard"> <div class="date"> <a href="#posts-4933" rel="bookmark"> <abbr class="updated" title="2007-11-14T15:23:50-06:00"> Nov 14, 2007 3:23pm </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=0a235c48c4f300a727cd00c449c718a4&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/37417" class="admin" rel="nofollow">gimmic</a></span> <span class="role"> User </span> </td> <td class="body entry-content" id="post-body-4933">  <p>Hey everyone, <br /> I've been working on a little script that has to send a request to a specific page using xmlhttpreq, and while it seems to be sending everything else, it is not sending the referer header information. I have verified this with packet sniffing.</p> <p>I've done extensive googling but have not found a specific answer, it almost seems like firefox is dropping the referer header tag? What's the deal? <br />Is there a way around it?</p> </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-4939" id="posts-4939"> </a> </td> </tr> <tr class="post hentry " id="4939-row"> <td class="author vcard"> <div class="date"> <a href="#posts-4939" rel="bookmark"> <abbr class="updated" title="2007-11-14T18:36:12-06:00"> Nov 14, 2007 6:36pm </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=bb17d724c0274cb5743116895de49a95&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/27110" rel="nofollow">Descriptor</a></span> <span class="role"> Scriptwright </span> </td> <td class="body entry-content" id="post-body-4939">  <p>No, GM_xmlhttpRequest does not send a referer header (or it is always blank). I assume this is a bug in Greasemonkey, or perhaps it's intentional. I tried searching for info on it but gave up. I did not see it listed here: <a href="http://greasemonkey.mozdev.org/bugs.html">http://greasemonkey.mozdev.org/bugs.html</a></p> </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-4955" id="posts-4955"> </a> </td> </tr> <tr class="post hentry " id="4955-row"> <td class="author vcard"> <div class="date"> <a href="#posts-4955" rel="bookmark"> <abbr class="updated" title="2007-11-16T14:33:13-06:00"> Nov 16, 2007 2:33pm </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=0a235c48c4f300a727cd00c449c718a4&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/37417" class="admin" rel="nofollow">gimmic</a></span> <span class="role"> User </span> </td> <td class="body entry-content" id="post-body-4955">  <p>I have posted a bug request here: <a href="https://www.mozdev.org/bugs/show_bug.cgi?id=18104">https://www.mozdev.org/bugs/show_bug.cgi?id=18104</a></p> <p>It really was a key part of a test script I was making, quite annoying. <br />Can you think of any workarounds?</p> </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-4957" id="posts-4957"> </a> </td> </tr> <tr class="post hentry " id="4957-row"> <td class="author vcard"> <div class="date"> <a href="#posts-4957" rel="bookmark"> <abbr class="updated" title="2007-11-16T19:59:59-06:00"> Nov 16, 2007 7:59pm </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=bb17d724c0274cb5743116895de49a95&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/27110" rel="nofollow">Descriptor</a></span> <span class="role"> Scriptwright </span> </td> <td class="body entry-content" id="post-body-4957">  <p>I haven't tried just using <a href="http://developer.mozilla.org/en/docs/XMLHttpRequest">XMLHttpRequest</a>, maybe it works different, or maybe it does the same thing, it's worth a try.</p> <p>Another thing you might want to know: when using GM_xmlhttpRequest the browser caches the requests (at least SeaMonkey does). The first request shows up in the logs but successive requests do not until the browser cache is emptied, then the first request will show again. Normally I would see a 304 (page not modified), but I didn't even see this. I even tried setting headers for caching, which I forget now, but it wouldn't matter if the browser is just pulling it out of the cache. <br />I know this doesn't help in sending a referrer, just thought you'd like to know.</p> </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-4977" id="posts-4977"> </a> </td> </tr> <tr class="post hentry " id="4977-row"> <td class="author vcard"> <div class="date"> <a href="#posts-4977" rel="bookmark"> <abbr class="updated" title="2007-11-17T20:55:51-06:00"> Nov 17, 2007 8:55pm </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=ba0851852c0703aeaf29dcf5b0d83d04&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/31647" rel="nofollow">Mikado</a></span> <span class="role"> Scriptwright </span> </td> <td class="body entry-content" id="post-body-4977">  <p>XMLHttpRequest passes Referer header correctly. <br />The workaround for GM is making request to <code>"http://your_server.com/your_script.php?par=" + encodeURIComponent(referer)</code> and using php (or any other server-side script) to make second request with all needed headers set.</p> </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-5193" id="posts-5193"> </a> </td> </tr> <tr class="post hentry " id="5193-row"> <td class="author vcard"> <div class="date"> <a href="#posts-5193" rel="bookmark"> <abbr class="updated" title="2007-11-29T06:08:46-06:00"> Nov 29, 2007 6:08am </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=e615596ec6d7191ab628a1f0cec0006d&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/37004" rel="nofollow">Marti</a></span> <span class="role"> Scriptwright </span> </td> <td class="body entry-content" id="post-body-5193">  <b>@gimmic</b><br /><br /><big><big>S</big></big>ome information for you that might be helpful. <ul><li><b><big><big><sup>«</sup></big></big></b><i>For security reasons, these steps should be terminated if the header argument case-insensitively matches...<br /> ...<br /> Referer<br /> ...</i><b><big><big><sup>»</sup></big></big></b><br /><br /> Make sure your header arguments meet the criteria from the W3C including the exact spelling.<br /> </li><li>There's an annoying feature discrepancy between their <a href="http://wiki.greasespot.net/GM_xmlhttpRequest#Description">Wiki</a> and the <a href="https://addons.mozilla.org/en-US/firefox/addon/748">Greasemonkey</a> <i><sup>(GM)</sup></i> 0.7.20070607.0 add-on as to what is "required" to be passed using <code> GM_xmlhttpRequest() </code>. Make sure you are declaring the <code> data </code> argument <i>(even if it is set to <code> null </code> )</i>... because in line 76 of GM's xmlhttprequester.js, it appears that GM is doing the open and send automatically. The <code> req.send() </code> call is sending the <code> details.data </code> regardless, and if it doesn't exist, the remainder of the code execution instance of GM may not happen.</li></ul> Let me know if this resolves your issues... as I'm traveling down this road myself... just a bit behind you. </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-5207" id="posts-5207"> </a> </td> </tr> <tr class="post hentry " id="5207-row"> <td class="author vcard"> <div class="date"> <a href="#posts-5207" rel="bookmark"> <abbr class="updated" title="2007-11-29T20:01:26-06:00"> Nov 29, 2007 8:01pm </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=0a235c48c4f300a727cd00c449c718a4&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/37417" class="admin" rel="nofollow">gimmic</a></span> <span class="role"> User </span> </td> <td class="body entry-content" id="post-body-5207">  <p>Thanks for the info- I'll give the Referer bit a try shortly, im going to be frustrated if that's the issue! I'll follow up if it works.</p> <p>I've also been poking around on the user groups and getting information saying it may be security related that some of the attribs are left out by the GM wrapper.</p> </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-5236" id="posts-5236"> </a> </td> </tr> <tr class="post hentry " id="5236-row"> <td class="author vcard"> <div class="date"> <a href="#posts-5236" rel="bookmark"> <abbr class="updated" title="2007-11-30T23:37:22-06:00"> Nov 30, 2007 11:37pm </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=e615596ec6d7191ab628a1f0cec0006d&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/37004" rel="nofollow">Marti</a></span> <span class="role"> Scriptwright </span> </td> <td class="body entry-content" id="post-body-5236">  <b>@gimmic</b><br /><br /><big><big>I</big></big> don't see anything in the visible code that would indicate it's being filtered by GM... if it works with a direct html call, then the calls in the chrome namespace should have at minimum equal privileges. I'm not ready to do any testing as of yet myself, but when I do, down the road, will report what I find. </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-5312" id="posts-5312"> </a> </td> </tr> <tr class="post hentry " id="5312-row"> <td class="author vcard"> <div class="date"> <a href="#posts-5312" rel="bookmark"> <abbr class="updated" title="2007-12-04T05:04:29-06:00"> Dec 4, 2007 5:04am </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=e615596ec6d7191ab628a1f0cec0006d&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/37004" rel="nofollow">Marti</a></span> <span class="role"> Scriptwright </span> </td> <td class="body entry-content" id="post-body-5312">  <b>@gimmic</b><br /><br /><big><big>W</big></big>ell I've poured over TONS of code this weekend, and needed a bit of time to gather my brain cells.<br /><br /> Here's a few things that I've learned about XMLHttpRequest<br /><ul><li><a href="https://addons.mozilla.org/en-US/firefox/addon/966">Tamper Data</a> add-on reports raw data and ignores other extensions <i>(that's a big no no by the way)</i>.<br /> </li><li><a href="https://addons.mozilla.org/en-US/firefox/addon/3829">Live HTTP Headers</a> add-on correctly reports the headers in cooperation with other add-ons.<br /> </li><li>Firefox 2.X also caches header requests... so they will also only show up once in the logs.<br /> </li><li><a href="https://addons.mozilla.org/en-US/firefox/addon/748">Greasemonkey</a> is "sorta" responsible for not allowing the Referer header atom value to be set, but then again, sorta not!<br /> </li><li>Any call to XMLHttpRequest in the <a href="http://en.wikipedia.org/wiki/Chrome_Mozilla">chrome namespace</a> <i>(Firefox add-ons use this for those that don't know this)</i> is considered "unprivileged" to modify the Referer header atom value <b>UNLESS</b> there is an event listener that modifies the raw data via the http channel <b>OR</b> there is a component add-on <i>(I think that's XBL, still a bit noob to some of this)</i> that is added to an existing add-on.<br /><br /> Firefox currently has two sections, that I can find, in their trunk code <i>(and existing releases too)</i> that <b>PURPOSELY BLOCKS OR CLEARS</b> the Referer header atom value from being set in the chrome namespace.<br /> </li><li>Any XMLHttpRequest call made via <a href="http://wiki.greasespot.net/UnsafeWindow">unsafeWindow</a> <i>(e.g. the native DOM object created from a web server)</i> is considered to be "privileged" enough to set the Referer header atom value.<br /> </li></ul> These last two points seem backwards... MOST security threats, in my circles, come from commercial entities NOT from scripters... but I know that's not always the case.<br /><br /> Currently Firefox is not following the <a href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/#xmlhttprequest">W3C recommendations on XMLHttpRequest</a> by not allowing the Referer header atom value to be set in the chrome namespace using setRequestHeader.<br /><br /> W3C Working Draft <i>(e.g. a whitepaper or RFC)</i> 26 October 2007 clip from Section 2, setRequestHeader method, Item 6 <ul><li><i><b><big><big><sup>«</sup></big></big></b>6. For security reasons, these steps should be terminated if the header argument <b>case-insensitively matches</b> one of the following headers:<br /><ul><li> Accept-Charset </li><li> Accept-Encoding </li><li> Connection </li><li> Content-Length </li><li> Content-Transfer-Encoding </li><li> Date </li><li> Expect </li><li> Host </li><li> Keep-Alive </li><li><b>Referer</b></li><li> TE </li><li> Trailer </li><li> Transfer-Encoding </li><li> Upgrade </li><li> Via </li></ul><b><big><big><sup>»</sup></big></big></b></i></li></ul> I may annotate/cite this post further later... but I've been busy putting what I've learned in the last 36 hours into motion and I'm a bit dain bread from all of this.<br /><br /> 8D<br /><br /><b>Other related links<br /><small><small><a href="http://groups.google.com/group/greasemonkey-dev/browse_thread/thread/77c94cc17c6b2669">http://groups.google.com/group/greasemonkey-dev/browse_thread/thread/7<wbr />7c94cc17c6b2669</a><br /><a href="http://wiki.greasespot.net/GM_xmlhttpRequest">http://wiki.greasespot.net/GM_xmlhttpRequest</a></small></small></b> </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-5359" id="posts-5359"> </a> </td> </tr> <tr class="post hentry " id="5359-row"> <td class="author vcard"> <div class="date"> <a href="#posts-5359" rel="bookmark"> <abbr class="updated" title="2007-12-07T14:05:48-06:00"> Dec 7, 2007 2:05pm </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=0a235c48c4f300a727cd00c449c718a4&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/37417" class="admin" rel="nofollow">gimmic</a></span> <span class="role"> User </span> </td> <td class="body entry-content" id="post-body-5359">  <p>Wow. Very nice Marti.. so this is starting to kind of look like an issue with FF?</p> <p>Are you saying that even using XMLHttpRequest the Referer isnt being passed through FF? In other words it's currently not possible in GM to pass Referer properly?</p> <p>Thanks for the (very) informative update!</p> </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-5360" id="posts-5360"> </a> </td> </tr> <tr class="post hentry " id="5360-row"> <td class="author vcard"> <div class="date"> <a href="#posts-5360" rel="bookmark"> <abbr class="updated" title="2007-12-07T14:41:51-06:00"> Dec 7, 2007 2:41pm </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=926cdaca5f2093266b98d6f4f496292c&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/26957" rel="nofollow">Yansky</a></span> <span class="role"> Scriptwright </span> </td> <td class="body entry-content" id="post-body-5360">  <p>Could you maybe insert a new XMLHttpRequest object in a script element into the page? That way you would have access to the Referrer.</p> <p>e.g.</p> <p><pre>var xScript = document.createElement('script'); xScript.type = 'text/javascrpt'; xScript.innerHTML = "function getXmlHttpRequest(){var httpRequest=null;httpRequest=new XMLHttpRequest();return httpRequest;}"; document.getElementsByTagName('head')[0].appendChild(xScript); var xhr = unsafeWindow.getXmlHttpRequest(); xhr.onreadystatechange = function() { if (request.readyState == 4 && request.status == 200) { alert(xhr.getResponseHeader( 'Referrer' )); } }; xhr.open("GET", url, true); xhr.send(null);</pre></p> </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-5386" id="posts-5386"> </a> </td> </tr> <tr class="post hentry " id="5386-row"> <td class="author vcard"> <div class="date"> <a href="#posts-5386" rel="bookmark"> <abbr class="updated" title="2007-12-09T21:11:56-06:00"> Dec 9, 2007 9:11pm </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=bb17d724c0274cb5743116895de49a95&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/27110" rel="nofollow">Descriptor</a></span> <span class="role"> Scriptwright </span> </td> <td class="body entry-content" id="post-body-5386">  <p>The header name is 'Referer', and it's a Request Header. <br />But according to what Marti wrote, you can use <a href="http://developer.mozilla.org/en/docs/XMLHttpRequest#setRequestHeader.28.29">setRequestHeader("Referer", "URL")</a> in that function and it should work.</p> </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-5402" id="posts-5402"> </a> </td> </tr> <tr class="post hentry " id="5402-row"> <td class="author vcard"> <div class="date"> <a href="#posts-5402" rel="bookmark"> <abbr class="updated" title="2007-12-11T04:20:01-06:00"> Dec 11, 2007 4:20am </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=e615596ec6d7191ab628a1f0cec0006d&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/37004" rel="nofollow">Marti</a></span> <span class="role"> Scriptwright </span> </td> <td class="body entry-content" id="post-body-5402">  <p>Now that I've had enough time to cite references and document Greasemonkey a bit better (which is is important to the explanations I have here), I can get back for a while to u.s.o.</p> <p><b>@gimmic</b> <br />No prob and thanx... yes it is looking more like Mozilla is the culprit, but for reasons unknown. I still don't know whether to file a bug report with them or not... I'll search through their forums and docs soon to see if they have an official standing.</p> <p>What I didn't say in my response above is about YOUR NAMESPACE... any user script namespace is in what they call in the Sandbox, and of course it is not privileged enough either to send the Referer atom (at least on the machines I have tested). Currently the only way that I have successfully sent a Referer atom is to use the unsafeWindow object, which I'm not thrilled with... I usually block all Referer atoms period, but I know some sites are annoying enough to require them. In that case I usually forge them and apparently that's not possible in chrome or the sandbox using the XMLHttpRequest (XHR for short) method, which presents a very large problem.</p> <p><b>@Yansky</b> <br />That's more or less the solution that I've come to as well, but with <b>Descriptors</b> comment about the extra r shouldn't be in there and depending on what method of the native DOM XHR you want to call will determine which method you use. I make typos all the time, so no big deal... but I'm doing my best to be as accurate as I can here. Unfortunately a host site will see what you do when you utilize unsafeWindow *le sigh*</p> <p><b>@Descriptor</b> <br />Thankx for catching that... I've been WAY busy with GM docs</p> </td> </tr> <tr class="spacer"> <td colspan="2"> <a name="posts-5788" id="posts-5788"> </a> </td> </tr> <tr class="post hentry " id="5788-row"> <td class="author vcard"> <div class="date"> <a href="#posts-5788" rel="bookmark"> <abbr class="updated" title="2008-01-01T20:53:35-06:00"> Jan 1, 2008 8:53pm </abbr> </a> </div> <img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=e615596ec6d7191ab628a1f0cec0006d&rating=PG&size=32&default=identicon" width="32" /> <span class="fn"><a href="/users/37004" rel="nofollow">Marti</a></span> <span class="role"> Scriptwright </span> </td> <td class="body entry-content" id="post-body-5788">  <p><b>@gimmic</b></p> <p>I've confirmed that it's definitely the browser that is filtering it... however it doesn't look like the Greasemonkey team is going to make any effort to implement the fix anytime in the near future. Only suggestion for now is to use the DOM XMLHttpRequest in an unsafeWindow over the Greasemonkey API implementation or some combination of both to achieve what you need.</p> </td> </tr> </table> </div> <div id="right"> <form action="/posts/search" class="search" method="get"><p><label for="q" id="q_label">Search all posts</label><input id="q" name="q" type="text" /></p></form> <h5>Voices</h5> <a href="/users/37417" rel="nofollow" title="gimmic"><img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=0a235c48c4f300a727cd00c449c718a4&rating=PG&size=32&default=identicon" width="32" /></a></li> <a href="/users/27110" rel="nofollow" title="Descriptor"><img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=bb17d724c0274cb5743116895de49a95&rating=PG&size=32&default=identicon" width="32" /></a></li> <a href="/users/31647" rel="nofollow" title="Mikado"><img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=ba0851852c0703aeaf29dcf5b0d83d04&rating=PG&size=32&default=identicon" width="32" /></a></li> <a href="/users/37004" rel="nofollow" title="Marti"><img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=e615596ec6d7191ab628a1f0cec0006d&rating=PG&size=32&default=identicon" width="32" /></a></li> <a href="/users/26957" rel="nofollow" title="Yansky"><img alt="" class="photo" height="32" src="http://www.gravatar.com/avatar.php?gravatar_id=926cdaca5f2093266b98d6f4f496292c&rating=PG&size=32&default=identicon" width="32" /></a></li> <h5>Sponsored links</h5> <script type="text/javascript"> </script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script> </div> <script type="text/javascript"> //<![CDATA[ if ($('q')) { $('q_label').hide(); Event.observe('q', 'focus', function(e) { if (this.value == $('q_label').innerHTML) { this.value = ""; this.style.color = null; } }); function q_show_label(e) { if (this.value == "" || this.value == $('q_label').innerHTML) { this.value = $('q_label').innerHTML; this.style.color = "#888"; } } Event.observe('q', 'blur', q_show_label); q_show_label.call($('q')); // Event.trigger didn't work } //]]> </script> <br style="clear:both;" /> </div> <div id="footer"> <p> <strong class="disclaim">Because it's your web.</strong> <em class="credit">A <a href="http://tr.emendo.us" rel="nofollow">tremendous</a> project with the help from our <a href="/users/contributers" rel="nofollow">friends</a>.</em> </p> </div> <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script> <script type="text/javascript"> _uacct = "UA-50927-4"; urchinTracker(); </script> <script type="text/javascript" src="/mint/?js"></script> <script type="text/javascript"> _qoptions={ qacct:"p-6eWjYgYdo7Su6" }; </script> <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script> <noscript><img src="http://pixel.quantserve.com/pixel/p-6eWjYgYdo7Su6.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></noscript> <script src="http://userscripts.uservoice.com/widgets/tab.js?alignment=right&color=f18705" type="text/javascript"></script> </body> <script type="text/javascript"></script> </html>