grant unsafeWindow 后 window scope 问题

在`grant unsafeWindow`后，即使使用`window`也可以访问`inject`页面本身的`window`对象，与油🐒脚本管理器的表现不一致，不知是否符合预期。

```js
// ==UserScript==
// @name         New Userscript
// @namespace    https://bbs.tampermonkey.net.cn/
// @version      0.1.0
// @description  try to take over the world!
// @author       You
// @match        https://quilljs.com/playground/snow
// @grant        unsafeWindow
// ==/UserScript==

(function() {
    'use strict';
    console.log(window === unsafeWindow);
    console.log("window", "------", window.Quill)
    console.log("unsafeWindow", "------", unsafeWindow.Quill)
    // Your code here...
})();
```

加入脚本后访问`https://quilljs.com/playground/snow`，即使`window`已经是被代理而非原始`window`，但仍可以发现在`window`上也可以访问到`Quill`对象。

<img width="685" alt="image" src="https://github.com/scriptscat/scriptcat/assets/33169019/a9d0b892-c645-4715-8ded-6b218814c9fb">





Provide feedback

Saved searches

Use saved searches to filter your results more quickly

grant unsafeWindow 后 window scope 问题 #273

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

grant unsafeWindow 后 window scope 问题 #273

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions