Slashdot Mirror
Hacking the Web with Greasemonkey
plasticmillion writes "Greasemonkey is a revolutionary Firefox extension that many feel has enormous implications for the future evolution of the web. By making it easy to write client-side scripts that modify webpages as you surf, it shifts the balance of power from content creators to content consumers. Since its inception, it has given rise to an impressive array of scripts for everything from enhancing Gmail with one-click delete functionality to preventing Hotmail from spawning new windows when you click on external links. In recent Greasemonkey news, Mark Pilgrim just published a comprehensive primer called 'Dive Into Greasemonkey', a must-read for those who want to try their hand at writing their own scripts. It should be noted that Greasemonkey is not without controversy, but this has done nothing to reduce its popularity among web programmers. Even Opera has jumped on the bandwagon with their own version of user scripts. To illustrate the principle to /.ers, I whipped up a handy little script called 'Slashdot Live Comment Tree', which lets you expand and collapse entire threads in an article's comments."
By making it easy to write client-side scripts that modify webpages as you surf, it shifts the balance of power from content creators to content consumers.
Google has tried something similar before with their toolbar and ISBNs.
That said, I am going to use this guide to disable Greasemonkey. I write websites so I can present ideas to people. I don't want them to see my site the way they want to see it. I want them to see it the way it was meant to be seen. That way I can provide content based on expectations of standards compliance.
If you want to display my content with your own formatting, use my RSS feed.
The dangers of knowledge trigger emotional distress in human beings.
Let the monkey jokes begin...
If other articles are drawing notice to free registration for articles such as the NYT, why is this one linking to an article trying to charge $34?
"Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
It should also be noted that the person claiming controvesy is also charging $49.00 for the "research" he has written. Do people buy these things?
Any, the summary of it reads as basically "users might install extensions that don't work with your own corporate pages". Personally, if an end user is installing applications without understanding the implications, you should ask whether that user should be allowed to install applications. The "researcher" claims that this risk should delay Firefox roll-outs in the enterprise.
Who's going to write the "Hide Roland Pipe" stories from Slashdot.
If we wanted to read hack-a-day, we'd read it there.
Seriously, fuck.
For several months, I labored under IE. 20 windows open everywhere, because it has no tabs. Even though I had managed to install Firefox (don't you love apps that don't require registry keys?), it was no help, because the applications department writes javascript that looks like it was squeezed from between Ballmer's asscheeks.
It was difficult. Took me two months of working with greasemonkey, of 3 minutes stolen here, and 5 minutes borrowed there in between calls (did I mention I'm only a phone monkey for a DSL ISP?). But in the end, not only can I use our main webapp in Firefox, it has features that the standard one doesn't. It often helps to shave up to a minute off of calltimes.
Which may be why I'm in trouble for using Firefox at that job. Dunno.
While I like the features of Greasemonkey lot, I had to uninstall it because it is incompatible with some websites I use often. They jut plain don't work with Greasemonkey enabled.
Example: map.search.ch/etoy (The map does not display at all)
I've submitted a bug about it, but my submission has been completely ignored (as mozdev.org is slashdotted right now I don't have the reference handy).
Markus
Google cache of guide to disable Greasemonkey
Evolution or ID?
http://en.wikipedia.org/wiki/Bookmarklet
Bookmarklet uses DHTML (JavaScript + DOM) as well.
The good thing is, most of the time, it's cross-browser -- not Mozilla-specific.
You can fix rendering bugs that the site owner can't be bothered to fix themselves.
:)
Could be useful for Slashdot then
Websites are a strange medium. Things like greasemonkey and adblock and google toolbar have been spurring these debates about content control.
I would not be suprised if this debate grew bigger as the popularity of client side controll apps gets bigger.
Alot of people want their webpage to look the way they intended it to look, but I think the truth is that you can not count on that. Different browsers, different computers, different monitors...
I am in favor of client side tools, I think that a user getting the best use possible out of a site is a good thing, in fact that is my goal when designing a website. If they think they can do it better, be my guest.
"how can they call it a MINE if everything here is THEIRS?!?!" -Straight Jacket
So I run off in hopes of reading the controversy and it says I need to pay $49.00 to "By the Research"? What gives? Anybody have any worthwhile information to spare us broke college kids a little cash? Or, is my exam fragmented brain missing something that should be obvious?
My lame blog.
Just publish your site as a collection of image files.
That'll teach them young whipper-snappers!
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
To get more Opera-like behaviour is easy and can be done by the extensible options in Firefox like SO.
Thus all those hotmail and gmail open link in new window pains will just go away!
One very interesting thread has been misuse of Greasemonkey(GM). GM allow script authors to use an XML_HTTPrequest() type functionality. This is often to look up information services, such as google, de.li.ci.ous, weather etc.
With a poorly coded script, there could be thousands of http connections spawned per page transition. A DDOS of sorts. This will be an interesting one to tackle.
Any ideas out there??
[% slash_sig_val.text %]
I have a web page that runs a little javascript at the end, where it pops up an alert window, then redirects to another page. I would like to write a greasemonkey script to remove this redirection. Unfortunately, the page's javascript gets run before greasemonkeys. Any ideas about how get my greasemonkey script to run sooner?
I'm a leaf on the wind. Watch how I soar.
In order to avoid $50 articles, I found this article which did talk about some potential security problems with greasemonkey. It seems hackers could make scripts that behave maliciously. According to the article, even the original greasemonkey developer has expressed concerns along those lines.
And who's the moron with yellow text on a dark blue background? There are readability standards, ya know.
I write web apps for internal use and do all my testing in IE as that is what is deployed to 99% of the users who will be using my apps.
The problems arise when IE and FF have minute differences in the way the page looks. Default fonts, CSS, etc.
Granted it is IE that is broken but in that case what do you do. Write complaint code and ?demand? that the 200 uses use FF? I don't think so. You write the code for your client and tell the few FF users to either deal with it or use IE for this app.
GreaseMonkey can break the DOM and cause problems anyway. Sometimes as a developer you need to just say fuck it and make it work for your users and standards be damned.
It is nothing personal, it is just business and honestly, my paycheck, not my morals, dictate my work environment.
Is this sting powerful enough to take back control of your passwords? The day that autocomplete became enforced users lost the power to manage their passwords. can GM be used to removed this directive?
LOL
Of course, it's perfectly understandable that you'd want to control your website, but I think the way you're approaching hypertext is missing a lot of its elegance. I mean, theoretically the act of browsing in and of itself gives the reader a certain amount of authorial power, and if web developers learned to abstract their designs and fully embrace XML and CSS, the display of a site should be completely customizable by the user (with a custom style sheet.) Of course, the chances of this happening are next to nil, and who's to say that the web would be any better for it? In any case, though, I think that the best way to work towards a good/useful internet in the future is to cede as much authorial power as possible to the readers. Anyway, I drag on. Should probably stay away from slashdot after an all-nighter.
"Even Opera has jumped on the bandwagon with their own version of user scripts." Well, considering that Opera previewed a similar technology back in early 2003, I'm not so sure you could call that "jumping the bandwagon". But still, it's a nice edition, both to Firefox and Opera.
Here's handy script to parse out Xeni Jardin's content on boingboing. Now if only I had one to parse out Doctorow's fucking Disney fetish, I'd be all set.
Hell, if I want to print it out and use it as toilet paper, I will.
Now that you've said this, everyone is going to use my site as TP. Thanks, buddy.
The dangers of knowledge trigger emotional distress in human beings.
That web page you metioned renders horrendously in Firefox 1.0.1 (Linux)....
If only I knew how to use Greasemonkey to make that page render correctly...........
Yes, fixing a broken tool myself during what would otherwise be unusable downtime, that shows a lack of respect for the rules *and* absence of initiative.
Wait a sec... Roger (my boss), is that you?
"It is nothing personal, it is just business and honestly, my paycheck, not my morals, dictate my work environment."
The second worst thing about that statement is that you sound as if you mean it.
The worst thing is that you sound as if you're proud of it.
This attitude causes most of the suffering and evil in the world. The relatively few people who actually have the goal of harming others wouldn't get very far without lots of wimps with this attitude.
(I may just be troll feeding here, but I still had to call it.)
Exam 4/C again. Maybe I'll do better this time.
I write websites so I can present ideas to people. I don't want them to see my site the way they want to see it. I want them to see it the way it was meant to be seen.
First of all, I'd be surprised if more the 1% of your site's vistors have this extension installed. For the few who do and have figured out to hack Greasemonkey to have your web site work better for them (1) they are probably geeks who are going to get pissed at you and (2) they are probably regular users of your site who are fully cognizant of your brilliant design -- it just doesn't work for them.
Hopefully, you don't fall into this category, but we all have experienced sites by designers who were so obsessed with their own brilliance that they've never figured out that their sites are unusable. Often it is not the designer who is at fault, but customers with delusions of being designers, who put up huge, useless graphics, or long pointless flash intros to their sites. They lose site of the fact that users want to use their site; and that the user may have very different characteristics.
The web is an interactive medium; if a user wants to be bothered to use your site in some way that doesn't come from you, I'd be pleased.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
If someone can't view your site as influenced by some Greasemonkey script or another, it's their fault and their problem. Not yours. You go ahead and provide standards-compliant, semantic markup, and folks'll use it as-is or filter it through something like Greasemonkey.
What's next---are you going to tell people they can't visit your site using lynx, or with images turned off, or that they can't change their font size, so they'll have to squint like everyone else?
What's the point of making it harder on your users, of taking away functionality from them?
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Reading the referenced blog entry, there is a good point to be made where GM breaks sites. The point of standard compliance is that consumers are free to see the output that the producers intended, not that consumers would be forced into one way of working, and enjoying content. Now, so long as the default behaviour (i.e. no GM installed) is fully compatible, this doesn't seem to be a problem. (Maybe linkify should be disabled by default.) We need to ensure that users know what modifications they are making to how websites display, and also know how to add to blacklists and stuff to solve the problem when things go wrong. We shouldn't just categorise this as a consumer vs producer struggle - that's just silly. GM script writers and website owners should be working together, to benefit the user. 1. User scripts need some sort of verification process. Something to guarantee safety, to the casual user. Perhaps some centralised list of checksums for 'certified' user scripts. 2. Websites should be able to check for what user scripts are installed. Not so as to ban them, but to provide a message that 'The scripts you are using are known to be incompatible. For optimal results, please turn them off.'
"One of the most jaw dropping extensions that I have seen to date." --Anders Conbere
Check it out.
-- Scott Turner
Actually, HTML is a protocol for assisting in the presentation of information. HTTP is a protocol for transferring information.
Any fool can talk, but it takes a wise man to listen.
can anyone get this to work? i installed it, the delete button shows up and enables when i check a message, but clicking does nothing.
Spiral out. Keep going...
Make every single page one colossal image with an image map for links! That way there's not much the user can do, and you are victorious in your subjugation! Or: relax.
http://www.softwareconsult.dk
Can I use this to get free books at amazon.com? That's how I want the content.
Someone says that it could get hijacked, and constantly display junk data, but I thought if that happened, it was reffered to as "Internet Explorer".
"Greasemonkey will cause you nothing but headaches, and may even be a good reason to delay that Firefox pilot you're planning"
e ss/etc". Without the fragrance of attempted influence.
It's funny how these so called "researches" are always expressing them like "you better not", "this will happen to you if you use this", they're so anxious to influence the reader that they can't even keep it in.
When more trustworthy reviews always state things like "this piece of sw is buggy/crap/has-poor-design/incompatible-with/usel
To me these imperative "researches" only say that some one has paid for those results and hence the opposite _might_ be worth while.
1 Earth is warming, 2 It's us, 3 it's royally bad, 4 we need to take action NOW
... but of course the best use of Greasemonkey is "defacement" of some your not-so-favorite sites. When having to work full time with something like .NET makes you really angry, it pleases to see something like this
just to imagine what you would want to do with their site ;-)
by the way, anyone has some grease for slashdot?
If you're writing static webpages, so what? It won't affect you.
If you're writing server-side scripting, you should already be paranoid-checking for bad user submissions. Time to double-check everything is in place.
If you're writing client-side scripts, welcome to hell. You can no longer assume anything will be where you put it, or, in fact, still exist.
What's more, you can't test your site "with greasemonkey" to see if it's OK. You have no idea what the user is going to do to your page with it.
This leaves a handful of options:
1) Make your scripts disable Greasemonkey (which will work until too many sites do it, and it's updated to allow users the final say)
2) Switch productive time fixing bugs and adding features to adding and subsequently wading through checks on every possible error condition that user scripts might make possible.
3) Ignore Greasemonkey and when the users complain your site is broken, inform them it's their own stupid fault.
My personal leaning is towards (3).
html is not a protocol. http is.
IAAL
Excellent link. I'm going to send this to the guy in the next cubicle who insisted that I tell him why his BLINK tags weren't working, because he really needed BLINK. (Not to mention its horrible, horrible succcessor, MARQUEE.)
--grendel drago
Laws do not persuade just because they threaten. --Seneca
hey, a community database with scripts for various sites would be useful. Whenever scripts are available for a certain link, you could get a drop-down near your address bar to choose the way you like that page displayed though I hate the number the security issues this raises
it will be possible to deploy firefox in organizations via an .msi in one of the next versions. See here: http://wiki.mozilla.org/Firefox:1.5_Institutional_ Deployment
IAAL
The site linked was not mine.
I won't pay $49 to find out what the controversy is all about, but Greasemonkey sounds good enough to download and try out.
Despite how useful it is, I have some concern with GreaseMonkey and your browsers security.
The basic problem I see is that user scripts are plug-ins to to a plug-in. User scripts could do things that would be bad for security such as:
GreaseMonkey does not use the white list of sites allowed to install plugins and allows user scripts to be installed from just about anywhere.
I'm worried that somebody could set up a repository of user scripts that appear to do useful things but have spyware embedded in them. Users would install GreaseMonkey user scripts from the site thinking they were getting useful functionality but not realizing they were getting additional "goodies".
I don't install user scripts without knowing how they work and looking over the source myself. Preferably, I write my own. I don't see most users being able to do that sort of analysis. Hence the danger.
--Currency Calculator to Calculate Rates of Exchange for Foreign Currencies
Which site is crashing you? The site linked was not mine... and I noticed it started crashing my browser too. Strange.
For a better guide to disabling Greasemonkey, see this.
The dangers of knowledge trigger emotional distress in human beings.
Dev. website:r .js
http://mojodna.net/2005/04/19/mbta-maps/
Direct link to the Greasemonkey script:
http://maps.mojodna.net/mbta/mbta_google_maps.use
Make every single page one colossal image with an image map for links!
Funny you should mention that. My first introduction to FrontPage was working on a non-profit website. They wanted me to make some "quick changes" to their site. I looked at their site-- it was a GIANT IMAGE of a webpage (text and all), with image maps and rollovers for links. The page could have been laid out with tables with no problems (this was in the ugly days before the DOM and CSS), but their previous web designer opted for this lame method.
So, it is a method that has been used before. Damn the unpredictable nature of the web! Double-damn user control!
Microsoft is to software what Budweiser is to beer.
Why is this better than plain old bookmarklets? Discuss, discuss....
...I love FireFox and it's programmers. If only some companies displayed half the amount of ingenuity.
Patriotism is a virtue of the vicious
My fish love http://scottleonard.ca/ !!!
I understand that the general emphasis is on content, but -- and this is just an observation -- it seems like a lot of coders and non-artsy people I've met regard content with a lot more (perhaps unwarranted) importance. I can see why, of course. But there's also an inexplicable disdain of design and aesthetics that comes with it. I mean, why did we bother with Mosaic, right? Not like anybody needs pretty visuals to read the news or get tech documents or see someone's blog. Who needs design? (Huzzah, sarcasm!)
I do write programs, I do code, and I also make sure that the interface is both usable and aesthetically pleasing. But it seems like many people here don't pay attention to that second part; they want the content provided, nevermind the art put into its display. Again, as an artist and a designer, that is understandable but subtly offensive.
Either way, I like the idea of Greasemonkey. It's pretty damn cool and I give props, as it were. What I don't like, however, is the uproar against people who might be miffed that their design work is being bypassed and ignored. I also don't like the mentality that declares an artist's design the be-all-end-all of the site's presentation.
Good web design demands flexibility; that's why you test in every freaking browser and platform you can. If you can make it look good in even lynx, then more power to you. If you demand people only visit via one browser on one platform with very specific settings, there's a problem. The trick is to make your design good enough that people don't feel compelled to break it. If they do, then hey. Can't win 'em all.
I also realize this probably isn't ever going to be visible on the thread, but eh, well. I needed to say it.
All this noise about Microsoft adding unnecessary hooks to their software with horrible security implications... the shoe's on the other foot again!
Check out Book Burro which lets you see the book prices from other sites. It uses xmlHttpRequest to grab the prices. Amazon wrote about it on their web services blog
Another cool script if you are traveling and very flexible is Expedia Expanded Search.
And if you like non-DRMed MP3, Amazon has them. You can download them faster (skipping intermediate pages) using Amazon Free Music Helper.
Using Greasemonkey or ANY OTHER WEB CLIENT other than the one(s) the author is targetting does not make this a derived art. The original is still in its badly conceived format.
The problem here is that a large number of web "developers" believe that they can control the user's experience. The reality is that this is completely contrary to the HTML standard.
HTML is a method for giving structure to a document. CSS is a method of suggesting look-and-feel of the document. However, NOTHING prevents me from using an arbitrary web client (note: a "browser" is just one type of web client) that will display the structured document in some other way.
If you are designing a page/site in such a way that you try to force a given look-and-feel to everyone, you are limiting the usefulness of your site...not improving it.
Greasemonkey scripts are bound by the same restrictions as any other javascript. That is, javascript from one site can't access anything from another.
Which really sucks for me, I want it to be able to, so that one webapp can pull info from another webapp, without me having to switch back and forth between 5 apps.
But from a security standpoint, it's pretty strict. Barring some cross-site-scripting vulnerability, Greasemonkey doesn't make you unsafe (and even then, such a vulnerability is still an issue, even if you don't install GM).
Great. Now when client call with complaints that data is either being corrupted via contact form or I can honestly look them in the eye and say, "It's the users fault!"
Karma means nothing to me, so suck it...
And your site is a good example why greasemonkey is indeed a good idea. I'm using Mozilla 1.8b1 and it just doesn't render properly. The article linked above just renders up to the "... should be left alone.", so the interesting part is missing (visible only in the print view), the "links" section on the right overlaps with the toolbar-like thing, and the links in the toolbar are only clickable in the upper third of what one would expect to be clickable. And it's far too wide.
That's all stuff people could fix for themselves if you'd let them use greasemonkey, but like this, your articles are essentially unreadable for me.
If you are going to link to your own fucking extension on your own fucking blog, make sure your fucking site can handle the fucking traffic. FUCK!!!
We now know that All Peers are infected with the 12 Grease monkeys.
James Cole
In order to form an immaculate member of a flock of sheep one must, above all, be a sheep.
It does not work. the mails are not deleted. Greasemonkey is cool, but the gmail delete script does not work.
That is, javascript from one site can't access anything from another.
That is blatently untrue. You can fetch images from another server with whatever arguments you want in the url. This makes it possible for you to send information gathered from the current page anywhere the user script desires. Hence my worry about tracking and spyware.
The costly security report is just a money-making troll but there is one issue raised by greasemonkey that may worry a lot of content providers.
Blocking adverts is old hat but greasemonkey lets you do so much more. It offers you the potential to inject links to products from a rival vendor when browsing an online store or rewrite affiliate link ids on a page, to give two examples.
This is going to break a few business models.
Personally I'm not going to shed any tears. Many businesses have completely misunderstood the nature of the web and just seen hyperspace as somewhere else to stick up billboards. Those that can't evolve will die. But when you consider how upset certain people get if you want to just view their site in a manner they hadn't planned on, then we can definitely expect fireworks in the near future.
There's a very heated discussion between Cory Doctorow and Robert Scoble that touches on these issues at http://www.itconversations.com/shows/detail438.htm l about these issues, albeit in the context of Google's Autolink rather than greasemonkey.
Don't run betaware and expect it to work perfectly. :-)
What's up with linking to an article that tries to get us to "pay for research", when I would wager that it's a 99% chance that the only "research" there is someone's opinion. If they'd like to give me an example, or an excerpt, I might try it. At this point, I can think of many other things to spend money on.
Look behind you...
Suicide by slashot. :)
Your monitor is staring at you.
You are absolutely correct. A web browser is a tool for displaying data from an unknown - and therefore untrusted - source, namely the Web. It should never freeze, crash or overflow, no matter what garbage is fed to it.
If Firefox indeed does crash when attempting to view this web page, then this issue needs to be fixed immediately, since not fixing it makes Firefox untrustworthy and thereby completely useless.
Naturally, the same goes to any Net facing app. If the input comes from untrusted source, then it must be considered potentially malicious, and treated with appropriate paranoia.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Userscript, it allows you to load your own javascript code on every page.
Doing nice things like Yahoo Groups Ad Skipping.
It should be noted that Greasemonkey can do this Yahoo trick too.
Its simple - in five years most users will be using some version of Greasemonkey, MS will be forced to adopt a page scripting engine if this catches on. Users will not look at content they do not want to look at.
Can you OSS developers please put a little more thought toward giving non-retarded names to your projects?
Greasemonkey? Seriously.
If you're using firefox, you don't need greasemonkey for what you want to do, you just need to tinker with about:config.
How can they stop you from printing the contents of the screen anyway? Between view source and your OS's print screen button, it should be easy to get around.
I already do not look at any ads. NONE. No Adsense ads. No Overture ads. No banner ads. Using Greasemonkey and adblocker, I have created an ad-free web. Soon this will become common, because Microsoft will be foreced to released a Greasemonkey-like tool for IE within the next two years, bet on it. And when they do, the market for scripts for this tool will immediately brim over with everything Greasemonkey coders have thought of and then some. It will happen. Users will not look at any content they do not approve of in five years.
I've only rarely used telnet... for Quake servers, actually.
Please post a screenshot! I haven't had time to do browser checking, but soon I will be serving custom templates for each of the strange browsers.
The dangers of knowledge trigger emotional distress in human beings.
"...it shifts the balance of power from content creators to content consumers."
Shouldn't that be back to content consumers? Am I mis-remembering, or wasn't there once a time when Web browsers had built-in functionality to actually let users customize how certain tags got rendered in the browser window (fonts, colors, etc.)?
This attitude just drives me insane. If you aren't smart enough to find a reputable source to download things from, you should not be on The Internets, sir. The computer you purchased for $2500 from Gateway does not say "Fisher Price" on the side.
The solution to the spyware/malware problem is twofold. The browser needs to be foolproof in that a malicious website will not be able to install something without the user being notified that, yes, they're allowing something to run on their computer. But 99% of the problem is just plain stupidity on the part of the user. If you go to the porno site that says "You must install our plugin in order to get xxx videos of Britney Spears!!!11!!" and actually click "accept", you deserve to have your computer melted down.
The spyware problem won't go away until the OS takes away our freedom (this is a bad thing, don't do it) or the users get smarter. It doesn't matter if you have to put in the root password to install things. Sure, it would help, but for the most part people know that they're doing something they shouldn't do, and they do it anyway.
I keep forgetting my place. Jesus is for losers. Why do I still play to the crowd?
As GreaseMonkey.MozDev.Org is slashdotted, here's the obligitory link to get Greasemonkey:
Install/Download GreaseMonkey
Enjoy!
DouglasK Do Justly. Love Mercy. Walk humbly with your God.
Here is a Greasemonkey user script (and some more too) to remove that anti-feature:y .html
http://blog.monstuff.com/archives/cat_greasemonke
When on IMDB, I want a button that lets me queue the movie I am currently viewing in Netflix.
This might exceed the scope of what's possible with GreaseMonkey. Any movie-maniac/programmer-maniac takers?
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
It's a shame this article is a dupe. When I saw it here on /. ages ago, I put Greasemonkey on my computer.
Come on. This is getting rediculous.
All your searching needs (and free money!) - 4Lancer.net
For the record, Opera's implementation predates Greasemonkey, as Rijk van Geijtenbeek (Opera employee) mentions on his web page:
It should also be noted that Opera user javascript offers more powerful event hooks than Greasemonkey. On the other hand, Greasemonkey has a much nicer script management interface--that is, it has one.
Well, take a look at Opera's UserJS at http://www.opera.com/support/tutorials/userjs/
They ways JS can be hooked into a webpage are far better than the Greasemonkey ones.
Whereas Greasemonkey scripts will be added at the end of a page, look at what Opera offers:
Funktions can be called before events, after events, before event handlers and after event handlers. And they have power. Like preventing the call of a eventhandler depending on the event data. Or null the cancelation (or stopped propagation) of an event that happened in a page's event handler. BeforeExternalScript to prevent loading external scripts, BeforeScript where you can prevent a script block to be executed. Or you can just change it and then allow its execution. Or you can capture read/write access to a global variable and manipulate it.
Great stuff, although it does have its rough edges and things to be enhanced.
People just don't grasp the difference between altering a work and redistributing the altered work.
/. works for users. If everyone goes and gets it, how is that any different than if someone mirrored a 'fixed' slashdot on their server? It's kind of a slippery slope...
So then, since you posess such infinite wisdom, what is the difference between distributing altered works, and distributing software that when used to alter the unaltered works the same way for everyone? The partent article mentions a slashdot plugin, that could alter the way that
HA! I just wasted some of your bandwidth with a frivolous sig!
It says "Morons in web space!" but it should be "Moron in web space!" referring to the author.
Here's an illustrative example: "...their crummy web browser (Microsoft's Internet Explorer, on Microsoft Windows), can't always manage to correctly choose a serif, or sans-serif, type of font for the page (its behaviour is incorrect and inconsistent, and no excuse to kludge everything just to suit its foibles)."
See? To him, being compatible with the most popular web browser in the world doesn't matter. Instead the important thing is being compatible with an abstract specification that nobody anywhere implements perfectly.
In other words, as long as you can blame someone else for it, your failure doesn't matter, and the rulebook matters more than the real world.
He's a moron, plain and simple; a born loser who loves failures. For instance, he's an Amiga fan.
HTML is a page-layout language. It has been as long as the web has been popular. I suppose XHTML isn't, but then, XHTML isn't the language which defines the web. HTML is. Nothing standards authors decide is going to change the billions of pages that are already out there, and they're never all going away. Web browsers will always have to support HTML as a page-layout language, and the standards authors are only adding confusion by deprecating reality.
Having GreaseMonkey add a random signature to comments was a feature that I felt was long missing from slashdot.
--
www.snop.com - Home of Dungeon Adventures for PalmOS.
Generated by SlashdotRndSig via GreaseMonkey
What's the point?
If the advertising isn't intrusive, I really don't see it as offensive, or even why people would bother to block it (I said "intrusive"--this includes popups, blinking, noticable delays to the page loading, blinking, launching more windows, blinking, taking up large amounts of space, blinking, audio effects, blinking, appearing in front of text, blinking, and, most importantly, blinking).
I don't usually pay attention to them, though occasionally I find a useful one. They pay for some of the content I'd like.
Then again, sometimes I stop my tivo's fast-forward to see an ad for something that interests me.
hawk
couldnt this present security issues? like expose security holes and allow script injection to be done much easier?
Webmasters, start becoming more proactive.
Wow, you really and truly miss the entire point of the Web. You cannot, simply cannot control what the web client does with the data you send it. Once it leaves your web server, it is out of your control, and that is the way it should be. The entire point of the Web is that people can view content the way they want to see it, not be restricted by whatever narrow preconceptions you try to force on them.
It is people like you that fuck up the semantic web. It is people like you that use "Best Viewed In" banners. It is people like you that prevent the blind from seeing their site. It is people like you that make pages unviewable in text-based browsers. It is people like you that make red-green colorblind men miss half their content without knowing there is more than they can see. It is people like you that make the World Wide Web a vast wasteland instead of the marvelous garden it could be. The power of the Internet is that it enables unbounded end-to-end connectivity for unrestricted communication. The power of the World Wide Web is that it enables unbridled information exchange and usage in ways never thought possible by the mere providers of said information. It is an emergent system, and your attempts to control it only hinder our communal advancement.
While I really do not wish to descend to ad hominem, it sounds as if the important thing that potential clients should learn from viewing your site is that your work fails to hold up well in the face of variety of client rendering choices.
One of the fundamental design goals of the Web has always been that content is paramount, and presentation is a set of flexible suggestions. The clearest example of this is the "strong" tag. Not bold, not italicized, not underlined, not big and red and blinking, just however the individual user and renderer decide to portray emphasis. If you choose to create content which intentionally thwarts (or even just deals poorly) with this diversity of portrayal, then you have chosen to not participate in the World Wide Web; you are merely creating immutable brochures that you happen to deliver over http.
Some of us turn off sigs for a reason. Now I have to write a user javascript to remove fake sigs, too? Thanks a lot, dickwad.
You extrapolate far to much from that quote somehow implying that my sense of good and evil is influenced by my paycheck when in fact it is very obvious from the context of my original post that the sense of "morals" I was referring to relates directly to the moral dilemma of writing code I do not like because it does not adhere to standards in the industry I have decided to make my living in rather then some greater concept of good and evil and oppression for the sake of profit.
Your random number generation in that script looks screwy to me (with not particularly good javascript coding knowledge) -- I'd say you'll have half as much chance of getting either your first or last sig as any of the rest.
You probably want Math.floor(Math.random() * mySig.length) instead (assuming such a method exists).
Greasemonkey scripts are bound by the same restrictions as any other javascript.
No, they aren't. They are inserted into the code of another site's pages, therefore they get local access priveleges over those pages.
If you want to share info between different webapps, you'll need to find some way of storing the information -- perhaps add a function that embeds an image with the information you want to upload it to a third server?
That's hilarious, that you reference the moron in question as support for the moron being right.
... he never claimed that you weren't supposed to support MSIE...
The web has been such a success in large part because it's so easy to make pages, and not hard to make pretty pages. Sloppy HTML, tested and adjusted and made pretty on one browser (the most popular at the moment), is the defining language of the web.
There have always been cleaner systems. It's not hard to make one. However, it's impossible to anticipate all desired features. The clean system is going to lose because to keep it clean you have to keep saying "no" (or at least "not yet", which is just as bad) to people who want more features.
Programmers and engineers hate this, but it's the reality of our fast-moving industry. People want prettiness, they want features, they want it NOW, and they want it to work with what they've already got. Users will deal with instability or bugs that they can work around; they don't expect perfection. Users absolutely don't care about how messy things are underneath or how that inconveniences developers.
Oh BTW,
READ IT: "(its behaviour is incorrect and inconsistent, and no excuse to kludge everything just to suit its foibles)"
In other words, if MSIE's "behavior is incorrect," let your page be ugly or broken on MSIE rather than "kludge" it to work.
I'm going to write a Greasemonkey filter for all the Slashdotters who paste their sig into the comment box instead of putting it in the sig box where it belongs. ;)
FLAMEBAIT
Like David Seagull a decade before: this is MY content and by God you are going to see it only the way I want. Back then it was MintGreen background colour and 8-bit displays resulting in white-on-white text. Today CSS must be the tyrant's wet dream. Hardcode everything. Try to wrest some control back by surgically overriding CSS and the browser punishes you by rendering block on top of block.
which article costs money to read?
This has to be the stupidest comment I've ever seen on /.
The whole idea of the standards is to allow the user to view the page in whatever manner is most convienent for them. The content (XHTML) is separated from how it is presented (CSS) just for the sole purpose of enabling the user to take control over how the page is presented.
Whether you choose to use your own CSS file, a screen reader, or just choose to disable images, a user should be able to get all the same content. And as the screen reader mention implies, we're not just talking XHTML and CSS, but accessibility standards as well.
Bottom line is that if you want your website to look the same way on every machine, post the whole damn thing as PDFs or JPEGs. It will look the way you want, but that obviously doesn't make it right.
Try this! It adds new options besides the regular "Map" and "Satellite". You can get USGS Topo maps and TerraServer satellite. All with that delicious Google interface!
"Personally I'm not going to shed any tears. Many businesses have completely misunderstood the nature of the web and just seen hyperspace as somewhere else to stick up billboards. Those that can't evolve will die."
You chant this Mantra, in the absense of any alternative.
The point of a website can be different for its producer than for its consumer. The producer's point could be to express themself, which requires consumption in exactly the style they publish. The consumer's point could be to get the factual information, regardless of its presentation style, or even for restyled representation. The fact that most web content is inseparable from its presentation style means that you, the graphic designer, are necessary for both points, even if the consumer doesn't share the "style" point.
The "point" it seems that you are missing is that the value of the webpage to the consumer can exclude *you*, even if you don't like that.
--
make install -not war
It's very simple. The words "evil" and "suffering" have been abused in situations were either they don't apply, or apply very loosely, and have lost there impact. Become meaningless. It's like calling someone a Nazi. Soon that word will lose it's meaning. Maybe one of these days we'll use words to convey information, instead of trying to foster an agenda on others.
When I go to art museums, even the cream of the crop in Manhattan, I often wish I could change the lighting. Glare, color, context... the curator's lighting often gets in the way of the art. Sometimes I wish I could change the layout of the art, the spatial composition of the works arranged for display. Of course, that's impractical in physical art museums. Webpages, that I'm privately viewing on my own computer, aren't restricted that way. Why shouldn't I rearrange them, if I like them better? Who is the art for, the producer, or the consumer? If for both of us, can't they be satisfied by producing it their way, while I'm satisfied by consuming it my way? Isn't this anti-remix attitude really an attempt by the producer to control the mind of the consumer, trumping the consumer's rights over our own minds?
--
make install -not war
I found this article which did talk about some potential security problems with Windows. It seems hackers could make programs that behave maliciously. According to the article, even Microsoft has expressed concerns along those lines.
"Your websites are not here for you and if they are they shouldn't be online, websites are for the visitor and he can do whatever he wants with the data he receives (including sending the whole content of your website to /dev/null if he finds it funny)"
I'm reading a book titled "The Bill of Rights and Responsabilities" Basically it talks about the responsabilities that go with rights. If you all have a right to " do whatever he wants with the data he receives"? Then it's quite fair to ask; what are the responsabilities that go with that "right"? How does those responsabilities absolve the website of some of its responsabilities? How about its rights?
That's awesome. Thanks!
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Greasemonkey scripts are bound by the same restrictions as any other javascript.
;) The wiki page (when it's back up) was something I put up when I first saw GM, because it clearly needed some sort of directory to get some momentum. It's now a stopgap until something more structured is completed. You might try delicious as another directory.
No, they aren't. They are inserted into the code of another site's pages, therefore they get local access priveleges over those pages.
I'm a dev on GM, and I'd like to shed some light.
First, yes, GM is in the same security sandbox as the page script. It does not run as local script.
The threat model of a user script is the very same as a bookmarklet, except that user scripts get injected without clicks, meaning that the user could forget about some installed script.
If someone installs an Evil(tm) script, it can run on pages that the evil person doesn't control, and provide data back to the evil person.
Note that such evil can be delivered in other ways (bookmarklets, toolbars, etc) which are trojans. You should consider every user script as a possible trojan. So yeah, don't install scripts that do evil things, and if you're not sure, don't install.
We're working on a community-policed user script directory which can confer some level of trust. It's not ready yet. We were slashdotted a little too early.
Also, Greasemonkey supplies some interesting functions to the user script context, including GM_xmlhttpRequest, which allows cross-domain page requests. Couple this with GM_setValue and GM_getValue, and a user script can indeed very effectively share data between different web apps. Before you wail in terror, note that information could be sent to evil third-party domain already by using scripted image tags, iframes, and form posts. GM only opens up an easier way to share data; it does not allow anything that's truly new in this respect.
privoxy main objective is to filter ads and anoying things, but we can easilly setup a filter for one site that change its behavior, look and layaout...
check the slashdot theme changer
i already use it for a long time to correct some bad html code from some pages (mostly for dillo, a very small and fast web browser)
as it use regexp and we can setup to only apply to some urls, the possiblities are endless
Higuita
I moved the copyright info to the js menu under the question mark. What do you think now?
The dangers of knowledge trigger emotional distress in human beings.
in addition to the other problems the comments so far have pointed out, there is a possible copyright/service mark infringement:
Grease monkey has been a quick oil change serice franchise since 1978.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
Anyone care to think about IE only websites? If that's how the author wants it to display, who are we to say that we should be able to use Firefox?
I'm not sure how this problem is confined to Greasemonkey. The same concerns apply to any executable code downloaded from anywhere.
Stupid like a fox!
Can we say "papercut"?
Now what someone needs to do is combine Stumbleto with Greasemonkey, so sites I visit are optionally modified by people with similar tastes to me...
Rich Gentlemen Hide - The Existential Comic
No, it's just a browser, better than the alternative (Internet Explorer). The "gift" is the open source, which lets anyone trace a crash, fix it, and share it with everyone else.
--
make install -not war
Well thats it I quit. This is one web developer who has serious issues with the greasemonkey idea. You want to build your own tools for my web sites, fine, but seriously don't start sharing them with people who can't figure out whats genuine and whats a plug-in (which is a lot of people by the looks of the greasemonkey demos) , cause next thing you know I've got my boss coming in the door wondering why our client's sites are providing lists of products from their competitors or are breaking on the latest update, etc. I think the web dev community has it tough enough just trying to support multiple browsers. I love Firefox, but I (and I think I speak for a lot of developers out there) am not enthused about greasemonkey.
-- Bored? Check out my Portfolio
Elinks [the mighty text browser] provided this feature long long back, using Lua scripting to rewrite the pages on the fly
see here on howto do it in elinks.
~561
Is it possible? And what's the best way to do this?
.. can it make slashdot not look ugly
Just my $0.02, as I haven't seen any other posts along these lines... I installed Greasemonkey on my OS X box a couple of weeks ago for some experementing and it caused Firefox to crash a LOT! Fortunately, uninstalling it fixed the problem, and I was able to get my wife to stop using IE again (nothing like sitting down to use the comp and having to close a gazillion pop-up windows!
T.J. Schmitz - the man, the myth, the legend - o
Now how about one that lets me apply my own stylesheet to slashdot or something, and get rid of fucking times new roman and that horrible shade of green forever?
Without precision, my life would be imprecise....
By making it easy to write client-side scripts that modify webpages as you surf, it shifts the balance of power from content creators to content consumers.
No Greasemonkey? Web = Cathedral
Greasemonkey? Web = Bazaar
Flexibility and user control are good. To get the maximum utility out of a tool (like the Internet), we must seek to maximize the number of ways it can be used. Greasemonkey helps us do that. Just imagine if computers themselves were very closed and we could only use them in the ways companies originally intended us to -- they'd be single-purpose fancy calculators, and I for one wouldn't waste money on one. Instead, the openness and untapped potential of these things is amazing, and accounts for many of the advancements we've made in the last 50 years.
Go Greasemonkey!
Finally an employed coder who understands.
... so yesterday I installed greasemonkey with the gmail delete script.
Today I'm locked out of gmail for a suspected breach of T&C. (yep, a 'lockdown in sector 4!')
I contacted gmail and they have unlocked me, but I wonder if it's related?
--- cut: Eat well, exercise, die anyway.
Ok I'm adding this to the discussion kinda late so probably no one will read it, but here goes anyway.
Everybody's arguing left and right about whether or not it's right or fair to use such a thing, but nobody seems to have made what seems to be a very important point to me: frankly, GreaseMonkey just doesn't work very well. Furthermore, I don't think this it will ever evolve into a truly reliable tool, because A) the web is too dynamic and B) scripts don't actually _understand_ the content they are modifying.
At some level the script needs to understand the semantics of the web page, and that's just a hard problem. Basically what the scripts can do currently is simple pattern matching, like "find the container named foo, and insert something before it", but that sort of thing breaks as soon as the web page author decides to change the container name.
Two examples of real-life failure of grease-monkey scripts:
I tried the slashdot nested comment script, and when it works it works pretty well, but for some reason it doesn't work on every slashdot comment page. Whatever pattern it's using doesn't quite cover all the bases.
I tried the gmail delete button thing. The button appeared, but it wouldn't actually delete any mail, and furthermore at one point it seems to have caused gmail to go into an infinite refresh loop that resulted in me getting locked out of account for a while due to "suspicious activity".
Even assuming that Joe Regexpert has really awesome skillz in writing pattern matching code, Joe only sees the version of web pages that get served up to _him_. Any site that uses cookies can potentially serve up very different pages to different users. Many web sites (like slashdot) allow users to configure the appearance of the page. So in order to exhaustively debug his script, Joe Regexpert is going to need to try out all those different combinations of options on the web site. It's possible that for some combination of options, the web site may just serve up a completely different page. Maybe it's a popular configuration, so they've hand-coded a lightweight static version of the page, for instance. Anyway, it's just impossible for Joe to see every version of the page, and so he can't possibly write a script works 100% of the time.
It's just an impossible task in general. And it will be fairly trivial for web designers to make greasemonkey useless by just changing things around, renaming containers, and obfuscating the page with javascript code. It wouldn't be hard to write an automatic obfuscater to generate a different obfuscated page for every user. Then greasemonkey just becomes useless.
I don't deny that it may be useful in some situations, but overall I think if it is adopted widely it will not only annoy web site designers, but also be pretty dangerous for users. a la the gmail lockout above -- a bug in a user script can still cause some pretty serious damage. Deleting all your web mail willy nilly or changing information that is critical to you. It wouldn't be hard to sneak some insidious stuff into one of these scripts.