Skip to content

grant unsafeWindow 后 window scope 问题 #273

@WindRunnerMax

Description

@WindRunnerMax

grant unsafeWindow后,即使使用window也可以访问inject页面本身的window对象,与油🐒脚本管理器的表现不一致,不知是否符合预期。

// ==UserScript==
// @name         New Userscript
// @namespace    https://bbs.tampermonkey.net.cn/
// @version      0.1.0
// @description  try to take over the world!
// @author       You
// @match        https://quilljs.com/playground/snow
// @grant        unsafeWindow
// ==/UserScript==

(function() {
    'use strict';
    console.log(window === unsafeWindow);
    console.log("window", "------", window.Quill)
    console.log("unsafeWindow", "------", unsafeWindow.Quill)
    // Your code here...
})();

加入脚本后访问https://quilljs.com/playground/snow,即使window已经是被代理而非原始window,但仍可以发现在window上也可以访问到Quill对象。

image

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions