[FireMonkey]: Some observations for v1.5 #52
Comments
Not at all .. thank you for taking the time to look into it. To start with, Firefox has postponed the official release of the new API to 68 (from 65) therefore as mentioned on the description, the API in FF65-67 requires:
Firefox API does not support RegEx matches and FireMonkey is adhering to Firefox API standard. You should have seen a red cross next to the script name to show it and there is a notification when clicking to show the script in the editor.
AFA button icon, they are ALL Unicode text and not icons per se. Their quality is not as great as a proper icon but then they are scalable and added for extra context only. I have also explained all the buttons in the Help section. Please let me know if above was helpful. |
plus a restart of the browser.
A typical way of end users disabling metadata block keys of:
// @include /^https?://openuserjs\\.org(?::\\d{1,5})?/scripts//
// @include /^http://localhost(?::\\d{1,5})?/scripts//
... is to do this:
//@include /^https?://openuserjs\\.org(?::\\d{1,5})?/scripts//
//@include /^http://localhost(?::\\d{1,5})?/scripts//
... which isn't working... Fx via your extension is still parsing it... which is incorrect spec for all .user.js engines including GM, GM Port, and TM. As I mentioned before your extension should probably parse the UserScript metadata block first then send it off to the Fx API. You'll encounter a lot of resistance from the diverse community on this one with people saying they won't do one engine or the other. Once I completely removed the lines then it injected. NOTE
Nice tip... Ctrl + + here I come! 😸
The X yes... I consider a cross to be ✝ but I'll add a mental note that you mean 🞮
Seem to be missing this part. Related to the editor at one point during the removal of the space between
Surprise, surprise 😸
Syncing up with my terminology... list filters ... would never have guessed that even with reading the Help. 😸
With all of the reports rolling in of one .user.js engine deleting scripts on import/export (and a very casual look without testing to confirm) I'm a bit leery to just go poking around these days in a "dirty" profile that I should back up more often.
Script injection test nth test:
// ==UserScript==
// @name oujs - Meta View
// @namespace https://openuserjs.org/users/Marti
// @description Adds a script navigation link next to `Source Code` titled `Meta` and opens a phantom url to show the detected metadata
// @copyright 2014+, Marti Martz (https://openuserjs.org/users/Marti)
// @license CC-BY-NC-SA-4.0; https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode
// @license GPL-3.0-or-later; http://www.gnu.org/licenses/gpl-3.0.txt
// @version 4.4.5
// @icon https://www.gravatar.com/avatar/7ff58eb098c23feafa72e0b4cd13f396?r=G&s=48&default=identicon
// @homepageURL https://github.com/Martii/UserScripts/tree/master/src/oujs/Meta%20View
// @homepageURL https://openuserjs.org/scripts/marti/oujs_-_Meta_View
// @supportURL https://openuserjs.org/scripts/marti/oujs_-_Meta_View/issues
// @updateURL https://openuserjs.org/meta/Marti/oujs_-_Meta_View.meta.js
// @downloadURL https://openuserjs.org/install/Marti/oujs_-_Meta_View.min.user.js
// @include https://openuserjs.org/scripts/*/*
// @include http://localhost:8080/scripts/*/*
var x = 10; // *** This breaks script injection and should not ***
// @grant none
// ==/UserScript==
... result FAIL NOTE
Btw Install button on OUJS still no workie. New Script "button" with one script already in there copies the source of oujs - Meta View? A little unusual. |
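The parsing behaviour asked for in the comment above, as an added example that is not part of the thread and is not FireMonkey, Greasemonkey or OpenUserJS code: only lines inside the block shaped as `//`, whitespace, `@key` count as metadata (that line shape is an assumption), so a key disabled as `//@include` and code placed between keys are ignored, and regular-expression includes are set aside instead of failing the whole script. `parseMetadataBlock` and the sample script are constructed for illustration.

```javascript
// Added example, not FireMonkey, Greasemonkey or OpenUserJS code.
// Assumption: a key line is "//", one or more spaces/tabs, then "@key [value]".
const KEY_LINE = /^\s*\/\/[ \t]+@([\w:-]+)(?:[ \t]+(.*?))?\s*$/;
const DISABLED_KEY = /^\s*\/\/@[\w:-]+/; // "//@include ...": space removed to disable
const BLOCK_START = /^\s*\/\/[ \t]+==UserScript==\s*$/;
const BLOCK_END = /^\s*\/\/[ \t]+==\/UserScript==\s*$/;

function parseMetadataBlock(source) {
  const result = { found: false, keys: {}, regexPatterns: [], ignored: [] };
  let inBlock = false;
  for (const line of source.split(/\r?\n/)) {
    if (!inBlock) {
      if (BLOCK_START.test(line)) { inBlock = true; result.found = true; }
      continue;
    }
    if (BLOCK_END.test(line)) break;
    const m = KEY_LINE.exec(line);
    if (!m) {
      // Code, plain comments and disabled keys are recorded, never used as metadata.
      if (line.trim() !== '') {
        result.ignored.push({ line, disabledKey: DISABLED_KEY.test(line) });
      }
      continue;
    }
    const [, key, value = ''] = m;
    // A /.../ include or exclude is a regular expression. Keep it apart so an
    // engine that cannot honour it can report it and still use the other patterns.
    if ((key === 'include' || key === 'exclude') && /^\/.*\/$/.test(value)) {
      result.regexPatterns.push({ key, value });
      continue;
    }
    (result.keys[key] = result.keys[key] || []).push(value);
  }
  return result;
}

// Constructed sample modelled on the test script posted in this thread.
const SAMPLE_SCRIPT = [
  '// ==UserScript==',
  '// @name      oujs - Meta View',
  '//@include /^http://localhost(?::\\d{1,5})?/scripts//',
  '// @include   /^https?://openuserjs\\.org(?::\\d{1,5})?/scripts//',
  '// @include   https://openuserjs.org/scripts/*/*',
  'var x = 10; // code between keys must not stop parsing',
  '// @grant     none',
  '// ==/UserScript==',
  '// @include   https://example.com/*',
].join('\n');

console.log(JSON.stringify(parseMetadataBlock(SAMPLE_SCRIPT), null, 2));
```

The `ignored` list is what a script host or reviewer would inspect: it shows every line inside the block that an engine with looser matching might still pick up as a key.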
Please note that Regular Expression includes are not supported by the API eg: On the option page, when clicking on the script with X after it, it displays the script and then.. it has a notification popup with the error plus the edit area changes colour to show error. After removing the RegEx include and enabling the script, the script runs but I don't know what it is supposed to do. On |
Never get that. Do get the pink background though.
That can be a security risk for starters not to mention a parsing nightmare.... the official spec for metadata blocks are at GM and the original spec of GM Port. Using a proprietary .user.js metadata block is not recommended since it makes it not a .user.js engine. The metadata is critical for parsing and busting that doesn't seem like a wise choice. I would suggest that changes in FireMonkey as it won't be endorsed as a .user.js engine until it does and won't be widely accepted in the community. Ex.
(Note: The ellipsis means there is more. This is just a snippet example) Anyhow... don't want to seem like I'm tilting towards the negative spectrum. The extension has good promise but need a few standardizations on the basics. 😄
Parses the metadata blocks that we collect (specifically how GM, GM Port, TM, VM, etc. do it)... click on "Meta" on the nav bar. Ref:
|
You should get it every time you click on the script with X on the left-side menu to display that script.
I beg to differ. The processing is quite different and there are safeguards. AFA this instance is concerned, it suffices to say that the space after Even the naming of If a programmer chooses to insert a comment that mimics meta-block inside the meta-block, that displays the poor choice of the script writer. Similarly, bad code writing displays the poor choice of the script writer. There is no way for the non-programmer-users to check the code for poor implementation. IMHO, such scripts should be avoided. The meta-block is not the place to have comments. That is simply poor and improper practice.
While GM, TM & VM are similar, there are implementation differences that cause some scripts to behave differently (some of these are mentioned in the Help). While adhering to good standards is an improvement, adhering to not-so-good standards is not. Some standards are created by the length of time they have been in use and not by their own merit. ;) Initially, I created FireMonkey for my own use as I wanted an alternative to the available user JS & CSS managers. I have released it for public use in the hope that some users might find it useful as an alternative, and not in competition with the established extensions. It goes without saying that upon feedback from the users, FireMonkey will be further improved in future. :)
FireMonkey converts some common incompatible patterns automatically. It is not possible to check or convert all such instances. In case of bad-matches, the script does not run and is automatically disabled and a warning is added to the script (as mentioned above). Such scripts are still imported but do not run until the issue is fixed and the script is then enabled. |
Actually it's excellent, and educated, coding to comment what things are when the url may be abstracted by a QSP/hash/etc. just as line breaks are. Again your opinion however not the community's.
I think that is where this extension fails because you haven't taken the time to consider the security ramifications of poor implementation of the UserScript metadata block. Perhaps you should reevaluate the lack of integrity of this decision?
Much like early Opera used to do... so not a new concept.
Again much like early Opera. And you finally answered the lingering observation, implied, question of why it doesn't work with OUJS Install button. Thank you.
Some people like the chaos theory better. As an individual who has been a systems administrator, engineer, and analyst most of my life I beg to contradict that persona. Clearly you want to open a security hole for the bad actors out there with your non-standardized implementation of the metadata block? Seems like a poor choice if so. Apologies but this is how it looks.
Saying this and proving it are different animals. I'll reinspect the code for these "safeguards" however if we, as OUJS A.M. and CoOwner, see anything remotely resembling a script that contains your security breach we'll probably have to ban it and quite possibly the Author. I'll have to notify AMO to reinspect your addon as well for this as it's quite easy to obfuscate (and is obfuscation in itself) what is happening buried in a comment after further investigation. I wish you would change your mind and work as a team player on this instead of just what you think is "right your way". The community has a lot of experience should you decide to learn from it. GM was taken off AMO in the early days if you recall (or maybe not... depends on your tenure) for security hacks such as these. Don't let this be a similar repeat... most recently Stylus.
Alternatives can be good as long as they are safe. Not following the standards is unsafe and you'll jeopardize the community security.
Perhaps. I've followed you for quite some time even before the visit on my fork so I perceive a little different motivation but I'm also not you... so there is the benefit of the doubt clause. 😸
No one, including myself, has stated this. However maturity should come in taking constructive feedback especially when a CERT can be issued against bad extensions. This is part of the reason why Mozilla is changing a lot of the innards to prevent bad acting. Please don't contribute to the destruction of your extension as I said it has promise. Make the wiser choice. Since I'm the primary author/maintainer of GM Port I have no concern about competition or not. In fact I encouraged OUJS to not compete with any other .user.js site and the same goes with GM Port. I gracefully filled a browser deficit with SM so did sizzle from USO. It's not a race to have one sect win. That is immature assumptions and behavior which I do not practice. However improvement is always a goal one step at a time.
Interesting. Won't go into that one as you are correct there are a lot of variations and also legal implications. Anyhow... I'll go ahead and close this as you've answered most of the basic questions and improved my understanding of your implementation. Thanks for the clarifications and understanding. |
Just a note .... Besides the fact that Example:
GM treats this as 1 match and FireMonkey as 2 matches (and they are clearly displayed in the script Info for the user) which is the same as:
Again that is up to users to choose a script and script writer that doesn't attempt to deceive. Furthermore, in this case, scripts may run on unexpected sites (but there is Info) but so does the result of the wildcard implementation in GM etc i.e. HOWEVER, I will think about ways to prevent the above situation. Also, FireMonkey supports block metablock which others don't e.g.:
AFA standards, the standard has never been to include comments in meta-block. Finally, as per addon's description:
In other words, FireMonkey is not GM or VM or TM and does not aim to be a clone of them either. Therefore, comparison and/or full 100% compatibility is not the criteria. The included Help explains how FireMonkey works. |
Those were chosen at random. Pick
After the fact... not before. Not everyone knows (or sometimes cares) what kind of security issues are present. The responsible thing to do is to educate and put in some basic safeguards. Some put in more than is needed imho (think the other .user.js site) but that is his prerogative within his means.
Might just be a casual comment too describing something which is why the fully documented standard exists and your extension will pick it up incorrectly. You can even have code in between
Well aware of this one. I've banned several UserScripts for being too vague on injection. Some are useful on all sites too. TM/GM Port also has this feature. Been a while since I've tested VM but I think it does too.
That's never been the case. Comments and other code have always been accepted on different lines in the UserScript metadata block. E4X is another example that proves it and so are function expressions and the like for restructuring. This goes back to the origin with Aaron which I'm a later addition to that origin. One can even encompass the entire script in the UserScript metadata block if bored. Granted it looks ick but that's one of the reason why oujs - Meta View was created... in case it's so terribly (imho) abstracted/obfuscated for even newer technologies and methodologies. I ran into one that mirrors node syntax in UserScripts... that threw me for a loop until I asked the Author what was going on... he helped me understand and I helped that Author out too with the build routine to not violate Copyright.
Interesting... that is another parsing nightmare (not yours necessarily... but everyone else who may consider implementing and hosting your new type).
You actively sought out for my feedback... there it is. Even if I had no knowledge of UserScripts I'd still come to these same security concerns of accidental or intentional script injection or alteration. If you want to try to make a spin-off like JetPack used to be you are always welcome to. :) Perhaps it will catch on... perhaps not. You know my 2 cents on this particular security issue. I do like less extensions but at the same time not at the expense of my default understanding of security and privacy. |
Thank you for the feedback which will be taken into consideration. |
Just to let you know, I have updated the code to prevent the unwanted processing of |
Apologies for not getting here sooner... haven't had much free time to twiddle. Also had to wait until the Fx version was beyond your em:version (don't do beta and earliers now).
Some data for you:
As the A.M. of OUJS we don't have any such policy yet that I know of... assume CORS and/or the like? or something internal to the extension?
OUJS test script (ref'd below) ... Install button did nothing for interception by FireMonkey... so manually created a new script... pasted in content... This console error may be relevant:
Error: WebExtension context not found! ExtensionParent.jsm:1041:13
Export of preferences:
Went to see if the editor had any settings I missed first quick glance... check box for "Enabled" said it was unticked. Ticked it... reloaded web page... new tab load... both not injecting.
Do see your JSON error on the regular expression includes... should skip over those if your extension doesn't support them... perhaps the main issue.
Bottom line... doesn't seem to inject .user.js yet I think in this use case.
Have not tested UserCSS yet. Scripts are more important to me. :)
Interface is snappy (very nice)... perhaps needs more tooltips eventually under "Script & CSS" panel/sidebar so I know what they do without blindly clicking and seeing what explodes/works. ;) Those icons could use a little larger for high DPI screens... mine's not and I have to look pretty close to my monitor just to see what they are. Duplicate, I think of scripts and css with respective checkbox for example is something I can't immediately figure out with more in-depth testing.
Anyhow... looking forward to updates to test and any feedback you want me to try. I don't have a whole lot of time to examine in-depth WebExtensions since the site keeps me very busy... but I'll try to try. 😸
System:
Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
... profile "dirty" e.g. well used/laundry list (hope you don't mind this for a start)