I have a Greasemonkey script that dynamically inserts an HTML form into some web pages. The form can then be POSTed, by the user, for processing to a PHP script on a different domain.
The GM script inserts something like this:
<form method="post" action="http://somedomain.com/process.php">
<input type="text name="sometext">
<input type="submit" name="s" value="submit!">
</form>
Now, is there any way for the web site to know where this form gets submitted to? Is it possible to prevent this (using browser or other settings), and if yes, how?
I’m not really sure what you are asking, but you are putting something in the DOM of the site (client-side) with greasemonkey, right?
Well, normally they would not notice this, and you are posting (still from the client side) to another place, so you’d be in the clear.
But if the site is REALLY PARANOID, tinfoil hat style, I suppose they could be fireing events that when they fire AFTER you’ve modified the dom and do stuff. But that would be kinda rediculous to presume. still, it could do something like
But that code should be visible for you from the source. Could be obfuscated and all, but still, it would run client-side, so you should be able to control it. I’d really not worry about that.