Hacker News new | comments | ask | show | jobs | submit login

How does this policy interact with greasemonkey, an extension that allows running random JavaScript on sites with access to the extension API. You could write your malware as a greasemonkey extension, convince a user to install a signed greasemonkey release, and then convince them to install your malicious extension.



Great point. Does anyone know what--if any--limits Grease Monkey puts in place to prevent users from bring exploited?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: