Screen Userscripts

By Max (-ElectroFox Designs) Last update Feb 16, 2011 — Installed 8,056 times.

Archived Comments (locked)

in
Subscribe to Archived Comments 22 posts, 15 voices



Nov 17, 2004 1:05am
Jesse Andrews Admin

The following is an archive of comments made before threaded discussions was implemented (November 16th, 2008)
 
Nov 8, 2008 9:12pm
simon! Scriptwright

will you PLEASE update this script!
 
Aug 6, 2008 10:19pm
Max (-El... Script's Author

RE: "How do you check an MD5 sum?"
See the part about checking the md5 sum in the description above. (About 5 paragraphs down.)
-Max
 
Jun 14, 2008 3:00am
Yori User

How do you check an MD5 sum? I'm not sure, but do we download the MD5 sum from http://www.efoxdesigns.com/max/downloads/Screen Userscripts/ after we install Screen Userscripts?
 
Jan 24, 2008 10:28am
bwalker User

I am thankful for this script. People like me who are not experts in javascript can have at least a small level of defense against malicious codes.
 
Jan 4, 2008 1:28am
Max (-El... Script's Author

So, for those of you wondering, there is a bug in the current downloadable version of this script, that I haven't had time to fix yet. Basically, what happens, is that when you upgrade to this version, you will get a message saying that you don't have the current version, when, in fact, you do. All you have to do is click the box, to ignore it forever. (Until, possibly a new version comes out.)
I might not fix this bug until the next version. However, if people email me, expressing an interest in a fix sooner than that, then I will take a look at it.
Regards,
Max max(AT)efoxdesigns(DOT)com
 
Sep 12, 2007 11:54pm
Daniel Dawson Scriptwright

I'm with Lucanos on this. It's pretty easy to come up with some convoluted expression that yields "document.cookie" and then pass it to eval. It's not that you shouldn't try, but users need to know that there is no guarantee something won't slip through.
 
Sep 11, 2007 3:24am
Lucanos Scriptwright

An interesting concept - I have had a look at the code (I am no PHP or JavaScript expert, I should point out), but looking for strings which contain "*.php?cookie=*" seems pretty easy to work around - I'd simply change the variable name to "c", or not bother naming it at all.

A simpler (and admittedly, possibly easier circumvented) technique may just be to scan for the string "cookie" inside the script.

Just an idea...
 
Sep 4, 2007 2:42pm
shirish User

Very nice, I like it :D
 
Aug 23, 2007 8:26pm
Max (-El... Script's Author

Yes, and they do. Screen Userscripts works on other sites besides us.org, such as this script's homepage
Also, in the future, Screen Userscripts will hopefully be able to screen against other malicious scripts.
-Max
 
Aug 23, 2007 7:53pm
engtech Scriptwright

If it's possible to scan userscripts for cookie stealing, couldn't us.o do that on their end and flag scripts?
 
Aug 19, 2007 9:44am
granun User

<font>

<tbody></tbody>

It's great script
but it's slow down firefox
but it's worth for me to use it,anyway


.....Geranun......

</font>

 
 
Aug 19, 2007 5:34am
ithcy Scriptwright

while this is a valiant effort, the MD5 and SHA1 sums do not provide any additional authenticity verification. if the author of this script were to fall victim to a cookie-stealer script that compromised his USO account, the MD5 and SHA1 sums could be spoofed as easily as this script itself.
 
Aug 18, 2007 8:34pm
war59312 User

Nice one!
 
Aug 16, 2007 7:49pm
Max (-El... Script's Author

(By the way, Gasoline, even though the scan button does not appear on the description pages, they are still being scanned. It's just automatic.)
 
Aug 16, 2007 5:38pm
Max (-El... Script's Author

Yeah, that's one of the features you can configure. Just set threshold to 0, OR set autoScan to false, if you want it to ask on the description page. threshold is the number of script links on a page that Screen Userscripts will automatically scan. If the number of userscript links on a page is higher than threshold, Screen Userscripts won't auto-scan any, but will show the scan button instead. If you set autoScan to false, Screen Userscripts will never automatically scan userscripts, but will display the scan button instead. (Please see the [Update] notes in the description for release information.)
Regards,
-Max
 
Aug 16, 2007 7:47am
Gasoline- Scriptwright

Ok, the new fetures works, great!

but (jea, again :P)
i think not to scan all scripts on the page, then i go into the script itself, and the "scan-button" disappear.
(after the search, you got 100 scripts, you show one, to intsall it, but then the button from screen userscript ar gone. you know, the page where you can install scripts with this button.)
 
Aug 16, 2007 2:42am
Max (-El... Script's Author

All 'problems' thus far (I'm talking about those in the comments below) have been fixed.
autoScan and threshold options have been added. Enjoy!
 
Aug 15, 2007 10:25pm
Max (-El... Script's Author

Done. You now have the option to automatically scan, or be asked. (Another update is coming soon.)
 
Aug 15, 2007 9:32pm
Tanel Scriptwright

Same problem here as Gasoline- had - it slows down firefox way to much to use it.

I am using firefox in ubuntu and it just flashes dark for 5-10 seconds (if not more) - all the browssing (tabs) are also freezed
 
Aug 15, 2007 12:02pm
Gasoline- Scriptwright

so, ok. ill testet this script
it worked on your testpage, nice!

buuut:
if you got e few scripts on a page (eg search on userscripts for scripts) then the script slows down your computer really much (crash firefox).

featurerequest:
build a button, which the user can press to check the actual homepage/script, or just run your script if someone want to install a script.

i would say, its a featurerequest on greasemonkey addon itselft, they should check the scripts and warn you if the script you will install is malicious. ....

(sorry for my bad englisch ;)
 
Aug 14, 2007 12:01pm
crazian User

Let me try it :D
Cross
Presentational HTML allowed.
Use <code> for inline code and <pre> for code blocks. Use &lt; and &gt; for literal < and >.
We help break paragraphs and link your links.
or cancel