Greasemonkey windows script host


















Thanks for any help!

I think part of my problem was also that I thought I was running code from the page when in reality I wasn't. Thanks for helping clarify. I'm going to try it again, adding in location hacks where necessary.

Due to the way Greasemonkey injects user scripts into a page, this line number is not actually useful, and you should ignore it. It is not the line number within your user script where the exception occurred. What next? Such messages should be taken out before release, but they are enormously helpful in debugging.

Plus, watching the console pile up with log messages is much more satisfying than clicking OK over and over to dismiss multiple alerts. After logging to JavaScript Console, the user script will continue executing normally. Messages logged in JavaScript Console are not limited to characters.

Plus, lines in JavaScript Console wrap properly, so you can always scroll down to see the rest of your log message. Go nuts with logging!

In JavaScript Console, you can right-click (Mac users Control-click) on any line and select Copy to copy it to the clipboard. You can get details on each HTML element, attribute, and text node.

You can explore all the scriptable properties of an object. DOM Inspector is included with the Firefox installation program, but depending on your platform, it might not be installed by default. It allows you to right-click on any element (a link, a paragraph, even the page itself) and open DOM Inspector with that element selected.

From there, you can inspect its properties, or see exactly where it fits within the hierarchy of other elements on the page. One last note: DOM Inspector does not follow you as you browse. JavaScript Shell is a bookmarklet that allows you to evaluate arbitrary JavaScript expressions in the context of the current page. You install it simply by dragging it to your links toolbar.

Then you can visit a web page you want to work on, and click the JavaScript Shell bookmarklet in your toolbar. The JavaScript Shell window will open in the background. Think of it as a command line for the DOM. You can enter any JavaScript expressions or commands, and you will see the output immediately. You can even make changes to the page, such as creating a new element document. Your changes are reflected in the original page. One feature of JavaScript Shell that is worth special mention is the props function.

Methods and properties that are specific to link elements (such as the blur and focus methods, and the href and hreflang properties) are listed first, followed by methods and properties shared by all types of nodes (such as the insertBefore method).

Again, this is the same information that is available in DOM Inspector, but with more typing and experimenting, and less pointing and clicking. If you open JavaScript Shell and then navigate somewhere else in the original window, JavaScript Shell will get confused.

Add images to web pages without hitting a remote server.

A user script is a single file.

Greasemonkey does not provide any mechanism for bundling other resource files, such as image files, along with the JavaScript code. While this might offend the sensibilities of some purists who would prefer to maintain separation between code, styles, markup, and media resources, in practice, it is rarely a problem for me. Instead of posting the image to a web server and having your user script fetch it, you can embed the image data in the script itself by using a data: URL.

A data: URL allows you to encode an image as printable text, so you can store it as a JavaScript string. Firefox will display the image without sending a separate request to any remote server. This user script runs on all pages. It uses an XPath query to find web bugs: 1 x 1-pixel img elements that advertisers use to track your movement online. The script filters this list of potential web bugs to include only those images that point to a third-party site, since many sites use 1 x 1-pixel images for spacing in table-based layouts.

There is no way for Greasemonkey to eliminate web bugs altogether; by the time a user script executes, the image has already been fetched. But we can make them more visible by changing the src attribute of the img element after the fact. The image data is embedded in the script itself. You will see a web bug made visible, as shown in Figure The graphic of the spider does not come from any server; it is embedded in the user script itself.
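The filtering and src replacement described above, written as pure functions. This is an added example, not the original user script: the image records, the hosts, the function names and the marker bytes are constructed placeholders, and "third-party" is assumed to mean a different hostname.

```javascript
// In a user script the candidates would be the page's img elements; here they
// are constructed sample records so the logic can be run and checked anywhere.

// Encode raw image bytes as a data: URL so displaying it needs no request.
function toDataUrl(mimeType, bytes) {
  const b64 = typeof btoa === 'function'
    ? btoa(String.fromCharCode(...bytes))
    : Buffer.from(bytes).toString('base64');
  return 'data:' + mimeType + ';base64,' + b64;
}

// Third-party = the resolved hostname differs from the page's hostname
// (assumption of this example). Relative URLs resolve against the page.
function isThirdParty(src, pageUrl) {
  try {
    const img = new URL(src, pageUrl);
    if (img.protocol === 'data:') return false; // embedded, never fetched
    return img.hostname !== new URL(pageUrl).hostname;
  } catch (e) {
    return false; // unparseable src: treat as not a remote fetch
  }
}

// Keep only 1x1 images from another host; same-site spacer images are skipped.
function findWebBugs(images, pageUrl) {
  return images.filter(i => Number(i.width) === 1 && Number(i.height) === 1 &&
    isThirdParty(i.src, pageUrl));
}

// Point each web bug at the embedded marker, remembering where it came from.
function markWebBugs(images, pageUrl, markerUrl) {
  const bugs = findWebBugs(images, pageUrl);
  bugs.forEach(i => { i.originalSrc = i.src; i.src = markerUrl; });
  return bugs;
}

// Constructed sample data. The marker holds only the "GIF89a" signature bytes
// as a placeholder; a real script would embed a complete image.
const PAGE = 'https://news.example/article.html';
const MARKER = toDataUrl('image/gif', [0x47, 0x49, 0x46, 0x38, 0x39, 0x61]);
const SAMPLE = [
  { src: '/img/spacer.gif', width: 1, height: 1 },                    // layout spacer
  { src: 'https://tracker.example/pixel.gif?id=42', width: 1, height: 1 },
  { src: 'https://cdn.example/photo.jpg', width: 640, height: 480 },  // normal image
];
```
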

This makes it easy to distribute a graphics-enabled Greasemonkey script without worrying that everyone who installs it will pound your server on every page request.

Learn the history of Greasemonkey security and how it affects you now.

Once upon a time, there was a security hole. This is not your standard fairy tale. Stay with me. Version 0. It initialized a set of API functions as properties of the global window object, so that user scripts could call them.

Then, it determined which user scripts ought to execute on the current page based on the include and exclude parameters. JavaScript running in a browser is not simply a scripting language. The browser sets up a complex object hierarchy for scripts to manipulate the web page, and a complex event model to notify scripts when things happen. This leads directly to the first security hole. When Greasemonkey 0. Consider a web page with the following JavaScript code.

Keep in mind, this is not a user script; this is just regular JavaScript code that is part of the web page in which user scripts are executing.

Whenever Greasemonkey 0. The remote page could get a complete copy of every user script that executed on the page, and do whatever it wanted with that information. The most powerful feature of Greasemonkey is not that it allows you to inject your own scripts into third-party web pages. User scripts can actually do things that regular unprivileged JavaScript cannot do, because Greasemonkey provides a set of API functions specifically for user scripts:

Store a script-specific value in the Firefox preferences database. You can see these stored values by navigating to about:config and filtering on greasemonkey.

Retrieve a script-specific value from the Firefox preferences database. User scripts can only access values that they have stored; they cannot access values stored by other user scripts, other browser extensions, or Firefox itself. This last API function is obviously the most powerful. It is also the most useful, because it allows user scripts to integrate data from different sites.

See Chapter JavaScript code that comes with a regular web page cannot do this. There is an XMLHttpRequest object that has some of the same capabilities, but for security reasons, Firefox intentionally restricts it to communicating with other pages on the same web site.

All of this brings us to the second security hole. Greasemonkey 0. Using the watch method, available on every JavaScript object, the web page would wait for Greasemonkey 0. When Greasemonkey assigned the window. The user script would execute as usual, and Greasemonkey would clean up after itself by removing the API functions from the window object.

But the damage had already been done. Security experts call this a privilege escalation attack. In effect, Greasemonkey 0. This is disturbing by itself, but it is especially dangerous when coupled with leaking API functions to remote page scripts. All of these problems in Greasemonkey 0. The solution is to set up a safe environment where we can execute user scripts.

The sandbox needs access to certain parts of the hostile environment (like the DOM of the web page), but it should never allow malicious page scripts to interfere with user scripts, or intercept references to privileged functions.

The sandbox should be a one-way street, allowing user scripts to manipulate the page but never the other way around. Remote page scripts never have a chance to intercept user scripts, because user scripts execute without ever modifying the page. But this is only half the battle. User scripts might need to call functions in order to manipulate the web page.

This includes DOM methods such as document. A malicious web page could redefine these functions to prevent the user script from working properly, or to make it do something else altogether. To solve this second problem, Greasemonkey 0. Instead of simply referencing the window object or the document object, Greasemonkey redefines these to be XPCNativeWrappers.

This means that when a user script calls document. In Greasemonkey 0. This means that not only is it safe to call their methods and access their properties, but it is also safe to access the methods and properties of the objects they return. For example, you want to write a user script that calls the document. The document object is an XPCNativeWrapper of the real document object, so your user script can call document.

But what about the collection of element objects that the method returns? All these elements are also XPCNativeWrappers, which means it is also safe to access their properties and methods (such as the value property).

What about the collection itself? This object has properties such as length and special getter methods that allow you to treat it like a JavaScript Array. All of this is confusing but extremely important.

This example user script looks exactly the same as JavaScript code you would write as part of a regular web page, and it ends up doing exactly the same thing. But you need to understand that, in the context of a user script, everything is wrapped in an XPCNativeWrapper.
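A simplified model of why wrapping matters, as an added example rather than Greasemonkey's or Firefox's code. `FakeElement`, `FakeDocument` and `nativeWrap` are hypothetical names, and a JavaScript `Proxy` over a snapshot of the original definitions stands in for the real XPCNativeWrapper mechanism.

```javascript
// Simplified model: FakeElement/FakeDocument stand in for browser-native
// objects; this is not how Firefox implements XPCNativeWrapper.
class FakeElement {
  #value;
  constructor(value) { this.#value = value; }
  get value() { return this.#value; }
}
class FakeDocument {
  #byId;
  constructor(byId) { this.#byId = byId; }
  getElementById(id) { return this.#byId[id] || null; }
}

// Snapshot the "native" definitions before any page script can run.
const NATIVE = new Map([FakeElement, FakeDocument].map(
  C => [C.prototype, Object.getOwnPropertyDescriptors(C.prototype)]));

// Wrap an object so every lookup is answered from the snapshot, never from
// properties the page added or replaced. Returned objects are wrapped too.
function nativeWrap(target) {
  if (target === null || typeof target !== 'object') return target;
  const native = NATIVE.get(Object.getPrototypeOf(target));
  if (!native) return target; // unknown type: this model leaves it as-is
  return new Proxy(target, {
    get(t, prop) {
      const own = Object.prototype.hasOwnProperty.call(native, prop);
      if (!own || prop === 'constructor') return undefined; // expandos hidden
      const d = native[prop];
      if (d.get) return nativeWrap(d.get.call(t));
      return (...args) => nativeWrap(d.value.apply(t, args));
    },
  });
}

// Constructed scenario: a page script tampers, then a user script reads.
function runScenario() {
  const field = new FakeElement('alice@example.org');
  const doc = new FakeDocument({ email: field });
  // Page script: replace the method on the object and redefine the getter.
  doc.getElementById = () => ({ value: 'redirected' });
  Object.defineProperty(FakeElement.prototype, 'value', { get: () => 'spoofed' });
  const safeDoc = nativeWrap(doc);
  return {
    unwrapped: doc.getElementById('email').value,   // page-controlled
    direct: field.value,                            // page-controlled
    wrapped: safeDoc.getElementById('email').value, // original behaviour
    expando: safeDoc.pageAddedThing,                // not visible via wrapper
  };
}
```
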

But the illusion is not perfect. XPCNativeWrappers have some limitations that you need to be aware of. There are 10 common pitfalls to writing Greasemonkey scripts, and all of them revolve around limitations of XPCNativeWrappers. In places where you want to set up a callback function such as window. This leads to our first pitfall.

By the time the callback executes one second later, the user script and its entire sandbox have disappeared. The window. You just need to set them up differently.

When you can confirm you have got all the data you need, the next step is to fix the error. There are some methods which are used frequently and have helped many people get out of the trouble; please take a look at them carefully. Please be advised that you should undo the above steps after you found the error has been solved in order to start your PC normally. Fix 5: delete entries after Userinit. This method should be your last resort; it will surely fix the Windows Script Host error and repair the corrupt system files.

How to enable the Windows Script Host again? Definitely, you should delete the Enabled key in Registry Editor. If you really see the Windows Script Host access is disabled error on your computer, remember, do the following two things without delay:

Summary: Windows Script Host is an administration tool built in every Windows operating system. This article mainly discusses how to fix Windows Script Host on Windows Run SFC.

If you don't know how to read it, check who has reviewed, favorited and discussed it. Decide if you find them trustworthy by reading their other reviews. The admins cannot guarantee that "evil" scripts will not be listed on the site. Warning: Only install Userscripts that you trust.


