search

Tampermonkey / tampermonkey

Tampermonkey is the most popular userscript manager, with over 10 million users. It's available for Chrome, Microsoft Edge, Safari, Opera Next, and Firefox.
GNU General Public License v3.0
4.23k stars 418 forks source link

[Feature Request] ESM style `importShim(dependency)`? #1396

Open loynoir opened 2 years ago

loynoir commented 2 years ago

Is it possible to have ESM style importShim(dependency)?

loynoir commented 2 years ago 
unsafeWindow is not defined

seems import() context have no GM_XXX and unsafeWindow

7nik commented 2 years ago

Here it works:

// ==UserScript==
// @name         New Userscript
// @namespace    http://tampermonkey.net/
// @version      0.1
// @description  try to take over the world!
// @author       You
// @match        https://unpkg.com/
// @icon         https://www.google.com/s2/favicons?domain=github.com
// @grant        GM_download
// @grant        GM.download
// ==/UserScript==

import("https://unpkg.com/@popperjs/core@2").then((test) => {
    console.log(GM_info);
    console.log(GM.info);
    console.log(GM_download);
    console.log(GM.download);
    console.log(unsafeWindow);
});

But with @grant none, the unsafeWindow indeed isn't defined, but it should so if I remember right. And with dynamic import, it is very easy to face up with CSP.

loynoir commented 2 years ago

@7nik Oh, I mean import() context to something like

// foobar.user.js

// @grant        GM_download
// @grant        GM.download

import('https://cors.selfhosted/dep.mjs')
// Feature Request
importShim('https://cors.selfhosted/dep.mjs')
// dep.mjs

// not defined
console.log(GM.download)
7nik commented 2 years ago

Modules are executed in their own contexts. Thus they can define root variables without exposing them to everybody. But here they go out of TM's context as well.