search

Tampermonkey / tampermonkey

Tampermonkey is the most popular userscript manager, with over 10 million users. It's available for Chrome, Microsoft Edge, Safari, Opera Next, and Firefox.
GNU General Public License v3.0
4.28k stars 423 forks source link

Impossible to block tampermonkey from trying to install a script in specific pages #2121

Open balmeida-nokia opened 3 months ago

balmeida-nokia commented 3 months ago

(Please fill out the issue template with your details)

Expected Behavior

The page shows normally without Tampermonkey asking if I want to install the userscript (which clearly is just an HTML page)

Actual Behavior

When accessing an internal gitlab URL: https://repo.internal/path/to/group/repo-name-link/-/edit/master/My%20Awesome%20userscript.user.js Instead of seeing gitlab edit page, I get the tampermonkey trying to add an HTML page as a userscript. The contents starts with:

<!DOCTYPE html>
<html class="" lang="en">

Assuming that came from a status code 200, this should be enough for tampermonkey to identify it's not a userscript and then back out and temporarily blacklist the url as not being a userscript.

If users can additionally add these kinds of URLS to a blacklist of sorts it would also be productive.

Specifications

Script

N/A

derjanb commented 3 months ago

A workaround is to set "Userscript URL detection" to disabled.

balmeida-nokia commented 3 months ago

That can alleviate a little bit until such feature exists.