Home/ Questions/Q 6722827
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T09:29:39+00:00

I’m new at Greasemonkey. I’m trying to create a user script to improve my

  • 0

I’m new at Greasemonkey. I’m trying to create a user script to improve my user experience with a site I often visit.

So I’d like to create a javascript function f(). My function requires a value that, according to my quick research and try at understanding the site’s structure, only exists inside a javascript function g().

I am not sure of which file holds g() on the server, but what I do know is that once the page has finished downloading, g() can be used.

I would like to extract the string value from g() without executing it (with g.toString()).

My question is: how can I access g(), without compromising my computer with unsafeWindow?
(window.g returns null inside the Greasemonkey script).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You have to use unsafeWindow. It’s really not that evil.

    var string = unsafeWindow.g.toString();

    unsafeWindow is relatively safe. I have previously discovered a method to access an unrestricted window object in GreaseMonkey. Using a specific method, it’s possible to read the original code of the Userscript by the affected page. Specific GreaseMonkey functions (GM_getValue, ..) cannot be used though: Advanced GreaseMonkey: Using constructors/methods/variables at a remote page

    EDIT, regarding the title change
    If you fear that g is not a function, or that the toString method of the function is overwritten, use the following code:

    //Store unsafeWindow.g in a variable, to reduce the possibly defined 
// __defineGetter__ calls to a minimum.
var g_string = unsafeWindow.g;
if(typeof g_string == "function"){
    g_string = Function.prototype.toString.call(g_string);
}
else g_string = ""; //Reset

    Is it safe?

    The previous code is the safest approach, because no methods of g are invoked. The GreaseMonkey wrapper also prevents the affected page from reading the script:

    window.g = function(){}
window.__defineGetter__("g", function(){
    alert(arguments.callee.caller);
});

    The previous code will not show the real caller, but an useless wrapper function:

    function SJOWContentBoundary() {
    [native code]
}
    • 0