Originally: DevjaVu ticket 246
Hostile content can list and delete stored (key;value) pairs.
From miscapis.js:
GM_ScriptStorage.prototype.deleteValue = function(name) {
return this.prefMan.remove(name);
}
GM_ScriptStorage.prototype.listValues = function() {
return this.prefMan.listValues();
}
Compare with:
GM_ScriptStorage.prototype.setValue = function(name, val) {
if (!GM_apiLeakCheck("GM_setValue")) {
return;
}
this.prefMan.setValue(name, val);
};
GM_ScriptStorage.prototype.getValue = function(name, defVal) {
if (!GM_apiLeakCheck("GM_getValue")) {
return;
}
return this.prefMan.getValue(name, defVal);
};
As a side note: listValues is a terrible name for a method that is actually enumerating keys, not values.
Originally: DevjaVu ticket 246
Hostile content can list and delete stored (key;value) pairs.
From miscapis.js:
Compare with:
As a side note: listValues is a terrible name for a method that is actually enumerating keys, not values.