Greasemonkey access violation: unsafeWindow cannot call GM_xmlhttpRequest

[Sonic0170]

seems they just won't play, like something changed in the way live streams work

[jackun]

Eh, correct version 55.99 is loaded? 33.0a1 (2014-06-18) seems to work :S

[Sonic0170]

ima clear everything and try it again ^.^ yes 55.99 like you labeled it in dropbox

[jackun]

It is also weird like how the hell does GM_getValue in GM sandbox scope leak into injected script scope. Getting "Greasemonkey access violation: unsafeWindow cannot call GM_getValue.", bizarre.

E: Duh, @run-at document-start. GM_getValue works when some DOM is generated.

[Sonic0170]

ok so i tried it again after clearing all cookies and cache and still vlc won't load. used the profile manager to make a new blank profile and got all the stuff installed and same thing happens. i have looked through some of the greasemonkey forums and it seems the people that work on greasemonkey are aware of some serious security flaws, i would assume that the sandbox exporting into the script is a loophole feature for special scripts but i also think that greasemonkey is full of security holes not always mentioned by those that discover it

[Sonic0170]

but regardless, i think greasemonkey is miles ahead of other add-ons like scriptish being an example of a add-on missing tons of features and breaks scripts all the time due to missing essential security or GM style requests

[jackun]

Now with more settings. WorksForMe™

[Sonic0170]

still same thing, these new options in firefox must be confusing as hell O.o some of the comments from that mozilla blg post complain that they have to change a ton of there code to make it work, are we basically in that same hole?

[Sonic0170]

at least v55 still works on a normal youtube video, im glad this change didn't break everything ^.^ that makes me wonder why only embedded videos break though. im gonna give hunting information down a break lol, i started incidentally looking at slave-input again, must be my desire for 1080p again :P

[jackun]

Uh, if GM shows version 55.100 ( well, 101 now) then, yeah, wtf.

[Sonic0170]

im not sure what you mean but yeah tried 55.101 but no change, same problem

[Sonic0170]

woops damnit, sorry

[jackun]

LMAO the version discrepancies. Windows version suddenly has no 'cloneInto' like the mozilla blog suggested. And working windows' version on linux gives permission denied error. Try now: https://dl.dropboxusercontent.com/u/235773/25318.user.js

[Sonic0170]

works perfect, although now the embedded video controls are permanently reduced. what did you have to do to make it work? honestly im sure your gonna make it sound so simple lol oh and le windows lmfao that was good made me laugh pretty good

[Sonic0170]

i mean like how your fewer controls option works, except that now its like that automatically, regardless this issue is now closed yay :P

[jackun]

I may have missed a setting, but your settings may have been reset.

[Sonic0170]

i checked them, they are all the way i want them, im not really worried about it, honestly its a non-issue to me

[jackun]

Settings are now only saved when page is unloaded. Go to /watch page and refresh or navigate to different video after configing. Also may need few tries, heh.

[Sonic0170]

probably need to close firefox and re-open it, that's how firefox tends to behave in windows, once a plugin loads it tends to hold old memory opposite of a memory leak i guess lol we could say windows is memory constipated lmfao

[Sonic0170]

wow, after comparing 55 to 55.101.LeWindows its crazy how much code you had to change, i really feel bad that you had to go through all that O.o imagine what the api coders for firefox add-ons have to go through o.O

[jackun]

Nah, it looks like it, but most is just cut/paste :P

[Sonic0170]

but still you had to add var to alot of it and had to add new code to cover new security features, used winmerge to compare, i did see alot of code just moved ^.^ but for me thats alot, maybe im just lazy o.o

[Sonic0170]

one final question. any luck with running the audio through slave-input for 1080p support? is that just a null option or impossible to sync properly?

[jackun]

Still "unsafe option "input-slave" has been ignored for security reasons". Patch it then ;)

[Sonic0170]

"has been ignored for security reasons" is being said in the web plugin code way too often, i can understand preventing the plugin from injecting code into local memory but isn't that what a sandbox is for? lmfao videolan people have a terrible way of saying they just don't feel like working on it lmfao

[Sonic0170]

so is the updated script just for firefox for windows only or is it able to be used by other browsers and platforms? such as chrome and linux etc...

[jackun]

Doh, on linux i got GM nightly. That seems to have the 'cloneInto' etc. functions. Injecting version of the script is at https://github.com/jackun/VLCTube/tree/inject tree. I added a check for 1.5 and 2.0 beta (nightly), should work with both.

But now that Chrome has dropped NPAPI support, i think, I don't know if I should bother with Chrom(-e/-ium) support? (Not that i tested it much before :P )

[Sonic0170]

i would say that chrome should be pushed aside until someone complains maybe? otherwise getting embedded videos working again is worth pulling the code to the main script, i can't really say how long it will be until stable firefox will remove the old workaround, would assume v32 but it could be as soon as 31 for all we know which will happen july 22nd.

[Sonic0170]

greasemonkey 2.0 will have a full release when mozilla is finished reviewing it, that could be in days or months, noway to tell, but greasespot already has a full release ready, so when it finally hits the mozilla repo you could easily fall back to the cloneinto code you planned on using https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/versions/

[Sonic0170]

this quote is also interesting "For stability, reliability, and security the privileged sandbox has been updated to match the new changes to unsafeWindow for the Add-on SDK. In order to write values to unsafeWindow you will need to use the new methods cloneInto(), exportFunction(), and/or createObjectIn()."

this is from the GM 2.0 stable build

[jackun]

Probably, i'm using the createObjectIn and cloneInto.

[Sonic0170]

lmfao i should have read that quote a 2nd time, so yeah your changes are necessary... derp O.o

[jackun]

Well, GM could be wrapping it itself somehow so scripts don't have to.

[Sonic0170]

so you think, wait until GM updates? before pulling new code?

[Sonic0170]

based on that quote, it seems GM won't do it itself, which is why some articles talk about how GM 2 will break outdated scripts http://lifehacker.com/greasemonkey-2-0-release-breaks-some-userscripts-1592684958

[Sonic0170]

honestly im happy i helped you catch the problem in time, long before it showed its ugly head ^.^

[jackun]

Double checked, works with Fx nightly / GM 1.5. You can upload this then i think.

[Sonic0170]

i have it auto update using the master from this repo, so if you pull the inject into the master it will update automatically ^.^

[jackun]

Ah, your script or something greasyfork has?

[Sonic0170]

greasyfork supports external repos with auto update from external script file. they wanna be like userscript.org kinda so its a really nice cloned feature.

[jackun]

This could be actually a bug in firefox, something like this. New scriptish maybe works even, haven't tested. I hope so or how else you gonna make cross-site xmlhttprequests if not from GM? /rhetorical

[Sonic0170]

in that bug they patched the bug in firefox and altered GM along side it, im not really sure how they relate though, so you would have to describe that one for me. isn't exportFunction() how you make cross-site requests of any kind?

also scriptish is unusually late to the update lol, also 1.12 is still sitting in beta since april, actually surprised they had an update, but it seems its still not ready for stable maybe?