Slashdot Mirror
Hacking the Web with Greasemonkey
plasticmillion writes "Greasemonkey is a revolutionary Firefox extension that many feel has enormous implications for the future evolution of the web. By making it easy to write client-side scripts that modify webpages as you surf, it shifts the balance of power from content creators to content consumers. Since its inception, it has given rise to an impressive array of scripts for everything from enhancing Gmail with one-click delete functionality to preventing Hotmail from spawning new windows when you click on external links. In recent Greasemonkey news, Mark Pilgrim just published a comprehensive primer called 'Dive Into Greasemonkey', a must-read for those who want to try their hand at writing their own scripts. It should be noted that Greasemonkey is not without controversy, but this has done nothing to reduce its popularity among web programmers. Even Opera has jumped on the bandwagon with their own version of user scripts. To illustrate the principle to /.ers, I whipped up a handy little script called 'Slashdot Live Comment Tree', which lets you expand and collapse entire threads in an article's comments."
By making it easy to write client-side scripts that modify webpages as you surf, it shifts the balance of power from content creators to content consumers.
Google has tried something similar before with their toolbar and ISBNs.
That said, I am going to use this guide to disable Greasemonkey. I write websites so I can present ideas to people. I don't want them to see my site the way they want to see it. I want them to see it the way it was meant to be seen. That way I can provide content based on expectations of standards compliance.
If you want to display my content with your own formatting, use my RSS feed.
The dangers of knowledge trigger emotional distress in human beings.
If other articles are drawing notice to free registration for articles such as the NYT, why is this one linking to an article trying to charge $34?
"Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
It should also be noted that the person claiming controvesy is also charging $49.00 for the "research" he has written. Do people buy these things?
Any, the summary of it reads as basically "users might install extensions that don't work with your own corporate pages". Personally, if an end user is installing applications without understanding the implications, you should ask whether that user should be allowed to install applications. The "researcher" claims that this risk should delay Firefox roll-outs in the enterprise.
Who's going to write the "Hide Roland Pipe" stories from Slashdot.
For several months, I labored under IE. 20 windows open everywhere, because it has no tabs. Even though I had managed to install Firefox (don't you love apps that don't require registry keys?), it was no help, because the applications department writes javascript that looks like it was squeezed from between Ballmer's asscheeks.
It was difficult. Took me two months of working with greasemonkey, of 3 minutes stolen here, and 5 minutes borrowed there in between calls (did I mention I'm only a phone monkey for a DSL ISP?). But in the end, not only can I use our main webapp in Firefox, it has features that the standard one doesn't. It often helps to shave up to a minute off of calltimes.
Which may be why I'm in trouble for using Firefox at that job. Dunno.
While I like the features of Greasemonkey lot, I had to uninstall it because it is incompatible with some websites I use often. They jut plain don't work with Greasemonkey enabled.
Example: map.search.ch/etoy (The map does not display at all)
I've submitted a bug about it, but my submission has been completely ignored (as mozdev.org is slashdotted right now I don't have the reference handy).
Markus
Google cache of guide to disable Greasemonkey
Evolution or ID?
You can fix rendering bugs that the site owner can't be bothered to fix themselves.
:)
Could be useful for Slashdot then
Websites are a strange medium. Things like greasemonkey and adblock and google toolbar have been spurring these debates about content control.
I would not be suprised if this debate grew bigger as the popularity of client side controll apps gets bigger.
Alot of people want their webpage to look the way they intended it to look, but I think the truth is that you can not count on that. Different browsers, different computers, different monitors...
I am in favor of client side tools, I think that a user getting the best use possible out of a site is a good thing, in fact that is my goal when designing a website. If they think they can do it better, be my guest.
"how can they call it a MINE if everything here is THEIRS?!?!" -Straight Jacket
So I run off in hopes of reading the controversy and it says I need to pay $49.00 to "By the Research"? What gives? Anybody have any worthwhile information to spare us broke college kids a little cash? Or, is my exam fragmented brain missing something that should be obvious?
My lame blog.
Just publish your site as a collection of image files.
That'll teach them young whipper-snappers!
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
To get more Opera-like behaviour is easy and can be done by the extensible options in Firefox like SO.
Thus all those hotmail and gmail open link in new window pains will just go away!
One very interesting thread has been misuse of Greasemonkey(GM). GM allow script authors to use an XML_HTTPrequest() type functionality. This is often to look up information services, such as google, de.li.ci.ous, weather etc.
With a poorly coded script, there could be thousands of http connections spawned per page transition. A DDOS of sorts. This will be an interesting one to tackle.
Any ideas out there??
[% slash_sig_val.text %]
I have a web page that runs a little javascript at the end, where it pops up an alert window, then redirects to another page. I would like to write a greasemonkey script to remove this redirection. Unfortunately, the page's javascript gets run before greasemonkeys. Any ideas about how get my greasemonkey script to run sooner?
I'm a leaf on the wind. Watch how I soar.
In order to avoid $50 articles, I found this article which did talk about some potential security problems with greasemonkey. It seems hackers could make scripts that behave maliciously. According to the article, even the original greasemonkey developer has expressed concerns along those lines.
It does, basically user scripts (Greasemonkey or Opera) are bookmarklets automatically executing when you browse a specific site (pattern matching allows the browser to execute the userscript that should be upon entering the website).
Oh, and there is no limit in a user script size, which isn't the case of a bookmarklet (even though you can execute external scripts from a bookmarklet)
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
Is this sting powerful enough to take back control of your passwords? The day that autocomplete became enforced users lost the power to manage their passwords. can GM be used to removed this directive?
Of course, it's perfectly understandable that you'd want to control your website, but I think the way you're approaching hypertext is missing a lot of its elegance. I mean, theoretically the act of browsing in and of itself gives the reader a certain amount of authorial power, and if web developers learned to abstract their designs and fully embrace XML and CSS, the display of a site should be completely customizable by the user (with a custom style sheet.) Of course, the chances of this happening are next to nil, and who's to say that the web would be any better for it? In any case, though, I think that the best way to work towards a good/useful internet in the future is to cede as much authorial power as possible to the readers. Anyway, I drag on. Should probably stay away from slashdot after an all-nighter.
"Even Opera has jumped on the bandwagon with their own version of user scripts." Well, considering that Opera previewed a similar technology back in early 2003, I'm not so sure you could call that "jumping the bandwagon". But still, it's a nice edition, both to Firefox and Opera.
Here's handy script to parse out Xeni Jardin's content on boingboing. Now if only I had one to parse out Doctorow's fucking Disney fetish, I'd be all set.
Not a problem. If I worked in the same company as you, I'd just fix it myself.
And, in my example, it's not anything that looks like they were working around IE. They just chose sloppy, IE-only javascript syntax, the kind of stuff that was deprecated even in 4.
Hell, I've even found the odd <XMP> tag...
Hell, if I want to print it out and use it as toilet paper, I will.
Now that you've said this, everyone is going to use my site as TP. Thanks, buddy.
The dangers of knowledge trigger emotional distress in human beings.
That web page you metioned renders horrendously in Firefox 1.0.1 (Linux)....
If only I knew how to use Greasemonkey to make that page render correctly...........
Yes, fixing a broken tool myself during what would otherwise be unusable downtime, that shows a lack of respect for the rules *and* absence of initiative.
Wait a sec... Roger (my boss), is that you?
"It is nothing personal, it is just business and honestly, my paycheck, not my morals, dictate my work environment."
The second worst thing about that statement is that you sound as if you mean it.
The worst thing is that you sound as if you're proud of it.
This attitude causes most of the suffering and evil in the world. The relatively few people who actually have the goal of harming others wouldn't get very far without lots of wimps with this attitude.
(I may just be troll feeding here, but I still had to call it.)
Exam 4/C again. Maybe I'll do better this time.
I write websites so I can present ideas to people. I don't want them to see my site the way they want to see it. I want them to see it the way it was meant to be seen.
First of all, I'd be surprised if more the 1% of your site's vistors have this extension installed. For the few who do and have figured out to hack Greasemonkey to have your web site work better for them (1) they are probably geeks who are going to get pissed at you and (2) they are probably regular users of your site who are fully cognizant of your brilliant design -- it just doesn't work for them.
Hopefully, you don't fall into this category, but we all have experienced sites by designers who were so obsessed with their own brilliance that they've never figured out that their sites are unusable. Often it is not the designer who is at fault, but customers with delusions of being designers, who put up huge, useless graphics, or long pointless flash intros to their sites. They lose site of the fact that users want to use their site; and that the user may have very different characteristics.
The web is an interactive medium; if a user wants to be bothered to use your site in some way that doesn't come from you, I'd be pleased.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
If someone can't view your site as influenced by some Greasemonkey script or another, it's their fault and their problem. Not yours. You go ahead and provide standards-compliant, semantic markup, and folks'll use it as-is or filter it through something like Greasemonkey.
What's next---are you going to tell people they can't visit your site using lynx, or with images turned off, or that they can't change their font size, so they'll have to squint like everyone else?
What's the point of making it harder on your users, of taking away functionality from them?
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Reading the referenced blog entry, there is a good point to be made where GM breaks sites. The point of standard compliance is that consumers are free to see the output that the producers intended, not that consumers would be forced into one way of working, and enjoying content. Now, so long as the default behaviour (i.e. no GM installed) is fully compatible, this doesn't seem to be a problem. (Maybe linkify should be disabled by default.) We need to ensure that users know what modifications they are making to how websites display, and also know how to add to blacklists and stuff to solve the problem when things go wrong. We shouldn't just categorise this as a consumer vs producer struggle - that's just silly. GM script writers and website owners should be working together, to benefit the user. 1. User scripts need some sort of verification process. Something to guarantee safety, to the casual user. Perhaps some centralised list of checksums for 'certified' user scripts. 2. Websites should be able to check for what user scripts are installed. Not so as to ban them, but to provide a message that 'The scripts you are using are known to be incompatible. For optimal results, please turn them off.'
"One of the most jaw dropping extensions that I have seen to date." --Anders Conbere
Check it out.
-- Scott Turner
Actually, HTML is a protocol for assisting in the presentation of information. HTTP is a protocol for transferring information.
Any fool can talk, but it takes a wise man to listen.
can anyone get this to work? i installed it, the delete button shows up and enables when i check a message, but clicking does nothing.
Spiral out. Keep going...
Make every single page one colossal image with an image map for links! That way there's not much the user can do, and you are victorious in your subjugation! Or: relax.
http://www.softwareconsult.dk
"Greasemonkey will cause you nothing but headaches, and may even be a good reason to delay that Firefox pilot you're planning"
e ss/etc". Without the fragrance of attempted influence.
It's funny how these so called "researches" are always expressing them like "you better not", "this will happen to you if you use this", they're so anxious to influence the reader that they can't even keep it in.
When more trustworthy reviews always state things like "this piece of sw is buggy/crap/has-poor-design/incompatible-with/usel
To me these imperative "researches" only say that some one has paid for those results and hence the opposite _might_ be worth while.
1 Earth is warming, 2 It's us, 3 it's royally bad, 4 we need to take action NOW
... but of course the best use of Greasemonkey is "defacement" of some your not-so-favorite sites. When having to work full time with something like .NET makes you really angry, it pleases to see something like this
just to imagine what you would want to do with their site ;-)
by the way, anyone has some grease for slashdot?
If you're writing static webpages, so what? It won't affect you.
If you're writing server-side scripting, you should already be paranoid-checking for bad user submissions. Time to double-check everything is in place.
If you're writing client-side scripts, welcome to hell. You can no longer assume anything will be where you put it, or, in fact, still exist.
What's more, you can't test your site "with greasemonkey" to see if it's OK. You have no idea what the user is going to do to your page with it.
This leaves a handful of options:
1) Make your scripts disable Greasemonkey (which will work until too many sites do it, and it's updated to allow users the final say)
2) Switch productive time fixing bugs and adding features to adding and subsequently wading through checks on every possible error condition that user scripts might make possible.
3) Ignore Greasemonkey and when the users complain your site is broken, inform them it's their own stupid fault.
My personal leaning is towards (3).
html is not a protocol. http is.
IAAL
Excellent link. I'm going to send this to the guy in the next cubicle who insisted that I tell him why his BLINK tags weren't working, because he really needed BLINK. (Not to mention its horrible, horrible succcessor, MARQUEE.)
--grendel drago
Laws do not persuade just because they threaten. --Seneca
hey, a community database with scripts for various sites would be useful. Whenever scripts are available for a certain link, you could get a drop-down near your address bar to choose the way you like that page displayed though I hate the number the security issues this raises
it will be possible to deploy firefox in organizations via an .msi in one of the next versions. See here: http://wiki.mozilla.org/Firefox:1.5_Institutional_ Deployment
IAAL
I won't pay $49 to find out what the controversy is all about, but Greasemonkey sounds good enough to download and try out.
Despite how useful it is, I have some concern with GreaseMonkey and your browsers security.
The basic problem I see is that user scripts are plug-ins to to a plug-in. User scripts could do things that would be bad for security such as:
GreaseMonkey does not use the white list of sites allowed to install plugins and allows user scripts to be installed from just about anywhere.
I'm worried that somebody could set up a repository of user scripts that appear to do useful things but have spyware embedded in them. Users would install GreaseMonkey user scripts from the site thinking they were getting useful functionality but not realizing they were getting additional "goodies".
I don't install user scripts without knowing how they work and looking over the source myself. Preferably, I write my own. I don't see most users being able to do that sort of analysis. Hence the danger.
--Currency Calculator to Calculate Rates of Exchange for Foreign Currencies
Which site is crashing you? The site linked was not mine... and I noticed it started crashing my browser too. Strange.
For a better guide to disabling Greasemonkey, see this.
The dangers of knowledge trigger emotional distress in human beings.
Dev. website:r .js
http://mojodna.net/2005/04/19/mbta-maps/
Direct link to the Greasemonkey script:
http://maps.mojodna.net/mbta/mbta_google_maps.use
Make every single page one colossal image with an image map for links!
Funny you should mention that. My first introduction to FrontPage was working on a non-profit website. They wanted me to make some "quick changes" to their site. I looked at their site-- it was a GIANT IMAGE of a webpage (text and all), with image maps and rollovers for links. The page could have been laid out with tables with no problems (this was in the ugly days before the DOM and CSS), but their previous web designer opted for this lame method.
So, it is a method that has been used before. Damn the unpredictable nature of the web! Double-damn user control!
Microsoft is to software what Budweiser is to beer.
Why is this better than plain old bookmarklets? Discuss, discuss....
...I love FireFox and it's programmers. If only some companies displayed half the amount of ingenuity.
Patriotism is a virtue of the vicious
My fish love http://scottleonard.ca/ !!!
Using Greasemonkey or ANY OTHER WEB CLIENT other than the one(s) the author is targetting does not make this a derived art. The original is still in its badly conceived format.
The problem here is that a large number of web "developers" believe that they can control the user's experience. The reality is that this is completely contrary to the HTML standard.
HTML is a method for giving structure to a document. CSS is a method of suggesting look-and-feel of the document. However, NOTHING prevents me from using an arbitrary web client (note: a "browser" is just one type of web client) that will display the structured document in some other way.
If you are designing a page/site in such a way that you try to force a given look-and-feel to everyone, you are limiting the usefulness of your site...not improving it.
Greasemonkey scripts are bound by the same restrictions as any other javascript. That is, javascript from one site can't access anything from another.
Which really sucks for me, I want it to be able to, so that one webapp can pull info from another webapp, without me having to switch back and forth between 5 apps.
But from a security standpoint, it's pretty strict. Barring some cross-site-scripting vulnerability, Greasemonkey doesn't make you unsafe (and even then, such a vulnerability is still an issue, even if you don't install GM).
Great. Now when client call with complaints that data is either being corrupted via contact form or I can honestly look them in the eye and say, "It's the users fault!"
Karma means nothing to me, so suck it...
We now know that All Peers are infected with the 12 Grease monkeys.
James Cole
In order to form an immaculate member of a flock of sheep one must, above all, be a sheep.
That is, javascript from one site can't access anything from another.
That is blatently untrue. You can fetch images from another server with whatever arguments you want in the url. This makes it possible for you to send information gathered from the current page anywhere the user script desires. Hence my worry about tracking and spyware.
The costly security report is just a money-making troll but there is one issue raised by greasemonkey that may worry a lot of content providers.
Blocking adverts is old hat but greasemonkey lets you do so much more. It offers you the potential to inject links to products from a rival vendor when browsing an online store or rewrite affiliate link ids on a page, to give two examples.
This is going to break a few business models.
Personally I'm not going to shed any tears. Many businesses have completely misunderstood the nature of the web and just seen hyperspace as somewhere else to stick up billboards. Those that can't evolve will die. But when you consider how upset certain people get if you want to just view their site in a manner they hadn't planned on, then we can definitely expect fireworks in the near future.
There's a very heated discussion between Cory Doctorow and Robert Scoble that touches on these issues at http://www.itconversations.com/shows/detail438.htm l about these issues, albeit in the context of Google's Autolink rather than greasemonkey.
Yes, but you used the Printer version. :-)
The dangers of knowledge trigger emotional distress in human beings.
What's up with linking to an article that tries to get us to "pay for research", when I would wager that it's a 99% chance that the only "research" there is someone's opinion. If they'd like to give me an example, or an excerpt, I might try it. At this point, I can think of many other things to spend money on.
Look behind you...
Suicide by slashot. :)
Your monitor is staring at you.
Yeah, our site is not prepared for this kind of abuse (the slashdotting, that is, not your charming comment). Check back later... the script is worth it!
Peer Pressure
You are absolutely correct. A web browser is a tool for displaying data from an unknown - and therefore untrusted - source, namely the Web. It should never freeze, crash or overflow, no matter what garbage is fed to it.
If Firefox indeed does crash when attempting to view this web page, then this issue needs to be fixed immediately, since not fixing it makes Firefox untrustworthy and thereby completely useless.
Naturally, the same goes to any Net facing app. If the input comes from untrusted source, then it must be considered potentially malicious, and treated with appropriate paranoia.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Userscript, it allows you to load your own javascript code on every page.
Doing nice things like Yahoo Groups Ad Skipping.
It should be noted that Greasemonkey can do this Yahoo trick too.
Its simple - in five years most users will be using some version of Greasemonkey, MS will be forced to adopt a page scripting engine if this catches on. Users will not look at content they do not want to look at.
If you're using firefox, you don't need greasemonkey for what you want to do, you just need to tinker with about:config.
How can they stop you from printing the contents of the screen anyway? Between view source and your OS's print screen button, it should be easy to get around.
I already do not look at any ads. NONE. No Adsense ads. No Overture ads. No banner ads. Using Greasemonkey and adblocker, I have created an ad-free web. Soon this will become common, because Microsoft will be foreced to released a Greasemonkey-like tool for IE within the next two years, bet on it. And when they do, the market for scripts for this tool will immediately brim over with everything Greasemonkey coders have thought of and then some. It will happen. Users will not look at any content they do not approve of in five years.
I've only rarely used telnet... for Quake servers, actually.
Please post a screenshot! I haven't had time to do browser checking, but soon I will be serving custom templates for each of the strange browsers.
The dangers of knowledge trigger emotional distress in human beings.
"...it shifts the balance of power from content creators to content consumers."
Shouldn't that be back to content consumers? Am I mis-remembering, or wasn't there once a time when Web browsers had built-in functionality to actually let users customize how certain tags got rendered in the browser window (fonts, colors, etc.)?
Possible, yes, probably, easily I doubt it, GM is heavy Javascript/DOM tuning. You can find Greasemonkey on The Extensions Mirror BTW, and you may want to check Platypus, which is basically an "interface" to Greasemonkey (allows you to modify a website, and if you need it you can save your modifications as a GM script)
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
This attitude just drives me insane. If you aren't smart enough to find a reputable source to download things from, you should not be on The Internets, sir. The computer you purchased for $2500 from Gateway does not say "Fisher Price" on the side.
The solution to the spyware/malware problem is twofold. The browser needs to be foolproof in that a malicious website will not be able to install something without the user being notified that, yes, they're allowing something to run on their computer. But 99% of the problem is just plain stupidity on the part of the user. If you go to the porno site that says "You must install our plugin in order to get xxx videos of Britney Spears!!!11!!" and actually click "accept", you deserve to have your computer melted down.
The spyware problem won't go away until the OS takes away our freedom (this is a bad thing, don't do it) or the users get smarter. It doesn't matter if you have to put in the root password to install things. Sure, it would help, but for the most part people know that they're doing something they shouldn't do, and they do it anyway.
I keep forgetting my place. Jesus is for losers. Why do I still play to the crowd?
As GreaseMonkey.MozDev.Org is slashdotted, here's the obligitory link to get Greasemonkey:
Install/Download GreaseMonkey
Enjoy!
DouglasK Do Justly. Love Mercy. Walk humbly with your God.
Here is a Greasemonkey user script (and some more too) to remove that anti-feature:y .html
http://blog.monstuff.com/archives/cat_greasemonke
When on IMDB, I want a button that lets me queue the movie I am currently viewing in Netflix.
This might exceed the scope of what's possible with GreaseMonkey. Any movie-maniac/programmer-maniac takers?
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
It's a shame this article is a dupe. When I saw it here on /. ages ago, I put Greasemonkey on my computer.
Come on. This is getting rediculous.
All your searching needs (and free money!) - 4Lancer.net
People just don't grasp the difference between altering a work and redistributing the altered work.
/. works for users. If everyone goes and gets it, how is that any different than if someone mirrored a 'fixed' slashdot on their server? It's kind of a slippery slope...
So then, since you posess such infinite wisdom, what is the difference between distributing altered works, and distributing software that when used to alter the unaltered works the same way for everyone? The partent article mentions a slashdot plugin, that could alter the way that
HA! I just wasted some of your bandwidth with a frivolous sig!
Having GreaseMonkey add a random signature to comments was a feature that I felt was long missing from slashdot.
--
www.snop.com - Home of Dungeon Adventures for PalmOS.
Generated by SlashdotRndSig via GreaseMonkey
What's the point?
If the advertising isn't intrusive, I really don't see it as offensive, or even why people would bother to block it (I said "intrusive"--this includes popups, blinking, noticable delays to the page loading, blinking, launching more windows, blinking, taking up large amounts of space, blinking, audio effects, blinking, appearing in front of text, blinking, and, most importantly, blinking).
I don't usually pay attention to them, though occasionally I find a useful one. They pay for some of the content I'd like.
Then again, sometimes I stop my tivo's fast-forward to see an ad for something that interests me.
hawk
That was, of course, metaphorical, but seeing people like you spouting that kind of crap supports his point.
You not understanding what the author writes is one thing, you being a goddam retard is another one, but calling the webmaster a moron because of your very stupidity does nothing but enforce his claims by you feeling that what he says applies to you.
Oh BTW, what you quoted was him pointing out one of the multiple failures of MSIE, he never claimed that you weren't supposed to support MSIE (he in facts says the exact opposite, even though he, too, would like that browser to disappear, much like most of the web developpers), he merely says that MSIE blows donkey balls, which everyone with a clue knows is true.
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
While I really do not wish to descend to ad hominem, it sounds as if the important thing that potential clients should learn from viewing your site is that your work fails to hold up well in the face of variety of client rendering choices.
One of the fundamental design goals of the Web has always been that content is paramount, and presentation is a set of flexible suggestions. The clearest example of this is the "strong" tag. Not bold, not italicized, not underlined, not big and red and blinking, just however the individual user and renderer decide to portray emphasis. If you choose to create content which intentionally thwarts (or even just deals poorly) with this diversity of portrayal, then you have chosen to not participate in the World Wide Web; you are merely creating immutable brochures that you happen to deliver over http.
Your random number generation in that script looks screwy to me (with not particularly good javascript coding knowledge) -- I'd say you'll have half as much chance of getting either your first or last sig as any of the rest.
You probably want Math.floor(Math.random() * mySig.length) instead (assuming such a method exists).
Greasemonkey scripts are bound by the same restrictions as any other javascript.
No, they aren't. They are inserted into the code of another site's pages, therefore they get local access priveleges over those pages.
If you want to share info between different webapps, you'll need to find some way of storing the information -- perhaps add a function that embeds an image with the information you want to upload it to a third server?
Like David Seagull a decade before: this is MY content and by God you are going to see it only the way I want. Back then it was MintGreen background colour and 8-bit displays resulting in white-on-white text. Today CSS must be the tyrant's wet dream. Hardcode everything. Try to wrest some control back by surgically overriding CSS and the browser punishes you by rendering block on top of block.
This has to be the stupidest comment I've ever seen on /.
The whole idea of the standards is to allow the user to view the page in whatever manner is most convienent for them. The content (XHTML) is separated from how it is presented (CSS) just for the sole purpose of enabling the user to take control over how the page is presented.
Whether you choose to use your own CSS file, a screen reader, or just choose to disable images, a user should be able to get all the same content. And as the screen reader mention implies, we're not just talking XHTML and CSS, but accessibility standards as well.
Bottom line is that if you want your website to look the same way on every machine, post the whole damn thing as PDFs or JPEGs. It will look the way you want, but that obviously doesn't make it right.
which article costs money to read?
This one. In the slashot story it is the link on the word "controversy".
There's a one paragraph blurb claiming "But IT managers beware: Greasemonkey will cause you nothing but headaches, and may even be a good reason to delay that Firefox pilot you're planning", but giving absolutely no reason. If you look on the right it says:
Buy this research
Price: US$49.00
Report Length: 3 pages
I really don't think Slashdot should bother linking to a page with absolutely NO information on it and requesting a payment to get info.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Except, it won't be installed by default, and users downloading it and installing it once they have firefox ought to understand what it does and any potential risks. Particularly (I haven't used it yet, but assume this is either the case or will soon be) there ought to be a warning in the user interface that installing scripts can be potentially harmful, similar to the one that exists when you install an XPI package.
Oh, you're serious?
Yes!
Simply set up a script that grabs the title and author of the book, looks it up at a selection of free e-book sites (e.g. project gutenberg, baen.com, etc.) and adds a link if it finds it. Et voila!
Try this! It adds new options besides the regular "Map" and "Satellite". You can get USGS Topo maps and TerraServer satellite. All with that delicious Google interface!
Yes, because:
(1) there ought to be a big warning box with an enforced reading period (like when you install an xpi package) explaining the potential security problems, and
(2) chances are, only power users are going to be playing with this anyway.
The point of a website can be different for its producer than for its consumer. The producer's point could be to express themself, which requires consumption in exactly the style they publish. The consumer's point could be to get the factual information, regardless of its presentation style, or even for restyled representation. The fact that most web content is inseparable from its presentation style means that you, the graphic designer, are necessary for both points, even if the consumer doesn't share the "style" point.
The "point" it seems that you are missing is that the value of the webpage to the consumer can exclude *you*, even if you don't like that.
--
make install -not war
When I go to art museums, even the cream of the crop in Manhattan, I often wish I could change the lighting. Glare, color, context... the curator's lighting often gets in the way of the art. Sometimes I wish I could change the layout of the art, the spatial composition of the works arranged for display. Of course, that's impractical in physical art museums. Webpages, that I'm privately viewing on my own computer, aren't restricted that way. Why shouldn't I rearrange them, if I like them better? Who is the art for, the producer, or the consumer? If for both of us, can't they be satisfied by producing it their way, while I'm satisfied by consuming it my way? Isn't this anti-remix attitude really an attempt by the producer to control the mind of the consumer, trumping the consumer's rights over our own minds?
--
make install -not war
That's awesome. Thanks!
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Greasemonkey scripts are bound by the same restrictions as any other javascript.
;) The wiki page (when it's back up) was something I put up when I first saw GM, because it clearly needed some sort of directory to get some momentum. It's now a stopgap until something more structured is completed. You might try delicious as another directory.
No, they aren't. They are inserted into the code of another site's pages, therefore they get local access priveleges over those pages.
I'm a dev on GM, and I'd like to shed some light.
First, yes, GM is in the same security sandbox as the page script. It does not run as local script.
The threat model of a user script is the very same as a bookmarklet, except that user scripts get injected without clicks, meaning that the user could forget about some installed script.
If someone installs an Evil(tm) script, it can run on pages that the evil person doesn't control, and provide data back to the evil person.
Note that such evil can be delivered in other ways (bookmarklets, toolbars, etc) which are trojans. You should consider every user script as a possible trojan. So yeah, don't install scripts that do evil things, and if you're not sure, don't install.
We're working on a community-policed user script directory which can confer some level of trust. It's not ready yet. We were slashdotted a little too early.
Also, Greasemonkey supplies some interesting functions to the user script context, including GM_xmlhttpRequest, which allows cross-domain page requests. Couple this with GM_setValue and GM_getValue, and a user script can indeed very effectively share data between different web apps. Before you wail in terror, note that information could be sent to evil third-party domain already by using scripted image tags, iframes, and form posts. GM only opens up an easier way to share data; it does not allow anything that's truly new in this respect.
privoxy main objective is to filter ads and anoying things, but we can easilly setup a filter for one site that change its behavior, look and layaout...
check the slashdot theme changer
i already use it for a long time to correct some bad html code from some pages (mostly for dillo, a very small and fast web browser)
as it use regexp and we can setup to only apply to some urls, the possiblities are endless
Higuita
Check out the API reference to see what GM gives that bookmarklets don't (aside from automated execution).
I moved the copyright info to the js menu under the question mark. What do you think now?
The dangers of knowledge trigger emotional distress in human beings.
in addition to the other problems the comments so far have pointed out, there is a possible copyright/service mark infringement:
Grease monkey has been a quick oil change serice franchise since 1978.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
Regarding (1), user scripts can't do anything as damaging as chrome (e.g. extensions).
Regarding (2), I am not content with security through obscurity. GM is getting a fair bit of press... You don't have to be a hacker to want persistent searches in GMail.
I'm not sure how this problem is confined to Greasemonkey. The same concerns apply to any executable code downloaded from anywhere.
Stupid like a fox!
Now what someone needs to do is combine Stumbleto with Greasemonkey, so sites I visit are optionally modified by people with similar tastes to me...
Rich Gentlemen Hide - The Existential Comic
No, it's just a browser, better than the alternative (Internet Explorer). The "gift" is the open source, which lets anyone trace a crash, fix it, and share it with everyone else.
--
make install -not war
Well thats it I quit. This is one web developer who has serious issues with the greasemonkey idea. You want to build your own tools for my web sites, fine, but seriously don't start sharing them with people who can't figure out whats genuine and whats a plug-in (which is a lot of people by the looks of the greasemonkey demos) , cause next thing you know I've got my boss coming in the door wondering why our client's sites are providing lists of products from their competitors or are breaking on the latest update, etc. I think the web dev community has it tough enough just trying to support multiple browsers. I love Firefox, but I (and I think I speak for a lot of developers out there) am not enthused about greasemonkey.
-- Bored? Check out my Portfolio
In another reply I posted earlier, I made exactly that point, though not so eliquently. Anything worth doing is going to have risks. Learn to deal with the risk. Not to say Windows is worth anything...
Elinks [the mighty text browser] provided this feature long long back, using Lua scripting to rewrite the pages on the fly
see here on howto do it in elinks.
~561
Is it possible? And what's the best way to do this?
Just my $0.02, as I haven't seen any other posts along these lines... I installed Greasemonkey on my OS X box a couple of weeks ago for some experementing and it caused Firefox to crash a LOT! Fortunately, uninstalling it fixed the problem, and I was able to get my wife to stop using IE again (nothing like sitting down to use the comp and having to close a gazillion pop-up windows!
T.J. Schmitz - the man, the myth, the legend - o
By making it easy to write client-side scripts that modify webpages as you surf, it shifts the balance of power from content creators to content consumers.
No Greasemonkey? Web = Cathedral
Greasemonkey? Web = Bazaar
Flexibility and user control are good. To get the maximum utility out of a tool (like the Internet), we must seek to maximize the number of ways it can be used. Greasemonkey helps us do that. Just imagine if computers themselves were very closed and we could only use them in the ways companies originally intended us to -- they'd be single-purpose fancy calculators, and I for one wouldn't waste money on one. Instead, the openness and untapped potential of these things is amazing, and accounts for many of the advancements we've made in the last 50 years.
Go Greasemonkey!
... so yesterday I installed greasemonkey with the gmail delete script.
Today I'm locked out of gmail for a suspected breach of T&C. (yep, a 'lockdown in sector 4!')
I contacted gmail and they have unlocked me, but I wonder if it's related?
--- cut: Eat well, exercise, die anyway.
Regarding (1), user scripts can't do anything as damaging as chrome (e.g. extensions).
They can snoop on your cookies and passwords. That's damaging enough, as far as I'm concerned.
You can do that with javascript...
How about this pattern, which is included in the book linked from this article?
Ok I'm adding this to the discussion kinda late so probably no one will read it, but here goes anyway.
Everybody's arguing left and right about whether or not it's right or fair to use such a thing, but nobody seems to have made what seems to be a very important point to me: frankly, GreaseMonkey just doesn't work very well. Furthermore, I don't think this it will ever evolve into a truly reliable tool, because A) the web is too dynamic and B) scripts don't actually _understand_ the content they are modifying.
At some level the script needs to understand the semantics of the web page, and that's just a hard problem. Basically what the scripts can do currently is simple pattern matching, like "find the container named foo, and insert something before it", but that sort of thing breaks as soon as the web page author decides to change the container name.
Two examples of real-life failure of grease-monkey scripts:
I tried the slashdot nested comment script, and when it works it works pretty well, but for some reason it doesn't work on every slashdot comment page. Whatever pattern it's using doesn't quite cover all the bases.
I tried the gmail delete button thing. The button appeared, but it wouldn't actually delete any mail, and furthermore at one point it seems to have caused gmail to go into an infinite refresh loop that resulted in me getting locked out of account for a while due to "suspicious activity".
Even assuming that Joe Regexpert has really awesome skillz in writing pattern matching code, Joe only sees the version of web pages that get served up to _him_. Any site that uses cookies can potentially serve up very different pages to different users. Many web sites (like slashdot) allow users to configure the appearance of the page. So in order to exhaustively debug his script, Joe Regexpert is going to need to try out all those different combinations of options on the web site. It's possible that for some combination of options, the web site may just serve up a completely different page. Maybe it's a popular configuration, so they've hand-coded a lightweight static version of the page, for instance. Anyway, it's just impossible for Joe to see every version of the page, and so he can't possibly write a script works 100% of the time.
It's just an impossible task in general. And it will be fairly trivial for web designers to make greasemonkey useless by just changing things around, renaming containers, and obfuscating the page with javascript code. It wouldn't be hard to write an automatic obfuscater to generate a different obfuscated page for every user. Then greasemonkey just becomes useless.
I don't deny that it may be useful in some situations, but overall I think if it is adopted widely it will not only annoy web site designers, but also be pretty dangerous for users. a la the gmail lockout above -- a bug in a user script can still cause some pretty serious damage. Deleting all your web mail willy nilly or changing information that is critical to you. It wouldn't be hard to sneak some insidious stuff into one of these scripts.
I love this comment.
"Greasemonkey will cause you nothing but headaches"
Greasemonkey is user-installed. What a user chooses to do with a content provider's website is their own business. NEXT.
"...may even be a good reason to delay that Firefox pilot you're planning"
Fearmongering. Greasemonkey has no immediate affect on IT managers. Greasemonkey cannot "break" a website, nor can it change any content permanently. If you don't like users using it, then deny users the ability to install extensions. Or install the extensions you "approve" of and deny the rest. Or let users do what they want and refuse to answer their support questions. Whatever you want to do. Greasemonkey does not magically make doing IT any different then any other software install.