Three bookmarklets I made for my bookmarks toolbar:
"Don't mess with paste" - for when signup forms expect you to hand-type your email address twice. javascript:void ["contextmenu","copy","paste","selectstart"].map(e=>document.addEventListener(e,e=>e.stopPropagation(),true))
"Nebula no-alt-#" - Nebula's video viewer annoying captures e.g. alt-3 to do the same as plain 3 (seek to 3/10 of the video currently playing), but I expect it to switch to the 3rd browser tab instead. YouTube doesn't do this. Luckily I can just activate this bookmarklet: javascript:void document.addEventListener("keydown",(e)=>void(e.altKey&&!isNaN(+e.key)&&e.stopPropagation()))
"canvas DL" - when playing skribbl.io and someone has made a nice drawing, this lets you download the current drawing as a PNG. javascript:var w=window.wdq||(window.wdq=document.createElement("a"));var p=/The word was '([^']*)'/g,pp=/<span>([^<>]+) is drawing now!/g,tt=document.body.innerHTML;var mm,nn,xx;while(mm=p.exec(tt))nn=mm;while(mm=pp.exec(tt))xx=mm;w.download=location.host+"_"+(nn?nn[1]+"_":"")+(xx?xx[1]+"_":"")+new Date().toISOString().replace(/:/g,"_");w.href=document.querySelector("canvas").toDataURL();w.click();
Unfortunately, no. This is a simple pet project aimed at easing sharing/versioning of bookmarklets. The site is entirely static. Listing bookmarklets is, however, something I'd love to add.
A simple and sensible way to list bookmarklets may be scraping GitHub's own search [1]. Using a flag in gists such as `// bookmarklink-index` or similar may be a good way to go.
I have "increment" and "decrement" bookmarklets, that look for the last-most number in a url and make it go up or down by one. I'm always surprised at how often it's useful. Oh, and I have this one called "kill sticky",
javascript:( function(){ let i, elements = document.querySelectorAll('body *'); for (i = 0; i < elements.length; i++) { if(getComputedStyle(elements[i]).position === 'fixed' || getComputedStyle(elements[i]).position === 'sticky') { elements[i].parentNode.removeChild(elements[i]); } } document.body.style.overflow = "auto"; document.body.style.position = "static"; })()
Which deletes those annoying page-covering popups like "sign up for my newsletter" or "you need to log in (even though the content is right there*)"
I have a slightly longer one that also makes gets rid of the various `overflow:hidden` stylings since it seemed like I'd often kill an annoying popover with the content _right there_ to find that I couldn't scroll down anymore.
For things you need to always run Grease Monkey seems like a prime choice. You could have your script run automatically for every visit to a nebula page.
By default Greasemonkey can access all data on all pages. With extensions being routinely compromised to steal crypto that’s starting to look like a bad deal. (If you limit it to a single domain in Chrome it will nag you to unlock it on Chrome startup forever)
I only use a few and they're simple enough I can read them before updating to see if they're bringing in something weird. Also in GP's case they could just write their own since they're already making them. No exploitable surface there if it's not a remote updatable script.
It's not the bookmarklets that OP is warning about, it's the risk that the GreaseMonkey extension itself becomes compromised. Basically, it's good browser hygiene to keep the number of extensions you have installed to an absolute minimum.
A bookmarklet alone isn't so much a concern, both because it doesn't run automatically on all pages (only when clicked) and because, as you note, you can usually pretty easily audit what you add and you don't get automatic updates.
By default Chrome can access all data on all pages. With browsers being routinely compromised by advertising companies working against your interest that's starting to look like a bad deal.
This is an important point. The only solution we're ever offered for security concerns is centralizing more and more control in the platform companies hands even though those same companies are increasingly abusing their power.
It's a matter of compatibility and bug fixing. Might be not a problem at the moment, but over time a dead project will degrade and make problems. So if one starts now, they can also just start with the more active project. After all there is AFAIK no disadvantage in using VM over GM.
Force pasting is something that is unfortunately required in many places, not just the browser. For example a Citrix session where the Citrix admin decided that pasting was a security risk and hence blocked it. Or some very poorly written apps.
For all of these I use an apple script that emulates typing one letter at a time, with a small delay because Citrix can't deal with typing which is too fast.
My city does this, as well as preventing right clicks, as a "copy protection mechanism", complete with an `alert()` shaming you every time you have the audacity to try and cut and paste some text.
They are worried about someone copying a mistyped email from the first form field and pasting it into the "confirm email" field, thus making the confirmation field pointless. I would suspect in the real world most people are typing their email by hand and not using a password manager or auto-fill so this becomes an actual problem.
A nice implementation of this would detect that you pasted/auto-filled the original field and not prompt you to confirm unless you typed it slowly by hand.
"Don't mess with paste" - for when signup forms expect you to hand-type your email address twice. javascript:void ["contextmenu","copy","paste","selectstart"].map(e=>document.addEventListener(e,e=>e.stopPropagation(),true))
"Nebula no-alt-#" - Nebula's video viewer annoying captures e.g. alt-3 to do the same as plain 3 (seek to 3/10 of the video currently playing), but I expect it to switch to the 3rd browser tab instead. YouTube doesn't do this. Luckily I can just activate this bookmarklet: javascript:void document.addEventListener("keydown",(e)=>void(e.altKey&&!isNaN(+e.key)&&e.stopPropagation()))
"canvas DL" - when playing skribbl.io and someone has made a nice drawing, this lets you download the current drawing as a PNG. javascript:var w=window.wdq||(window.wdq=document.createElement("a"));var p=/The word was '([^']*)'/g,pp=/<span>([^<>]+) is drawing now!/g,tt=document.body.innerHTML;var mm,nn,xx;while(mm=p.exec(tt))nn=mm;while(mm=pp.exec(tt))xx=mm;w.download=location.host+"_"+(nn?nn[1]+"_":"")+(xx?xx[1]+"_":"")+new Date().toISOString().replace(/:/g,"_");w.href=document.querySelector("canvas").toDataURL();w.click();