Updated Live Search 8

I took the time to update the Google Live Search Greasemonkey script a bit to make it a bit more defensive. While I was messing with I also added code to update the links above the search field to go to the search terms that the last result used (instead of the search term the initial page was loaded with).

  • http://gmk.com.br Claudio

    Can’t I use it in BLOG / SITE local live search form?? It’s is so complete!!

  • http://www.challenger.se Hakan Bilgin

    GreaseMonkey, either I don’t get it or…isn’t this a dangerous feature?

    A malicious developer can create and execute scripts on sites that are using Ajax, for instance. Isn’t this (almost) exactly the same as injection of code in IE, that isn’t undesirable? Or have I missed out on something?

    If I have interpreted it correct, then this is Ajax enemy #1.

  • http://erik.eae.net Erik Arvidsson

    No, GreaseMonkey is something that you have to install, just like any other extensions. Someone can make a user script that posts data to a rogue server but the user would first have to install that script. The same issues apply to extensions (even in IE).

    It is injection of code but the end user is the one injecting the code.

  • http://www.challenger.se Hakan Bilgin

    Exactly. Let me try one more time:
    I am the malicious guy. I create and install a GM-script on my own browser and start executing Ajax and RPC stuff that reside on your site or Bindows. Isn’t this dangerous and undesirable for you?

    And then we have bank sites and other more sensitive sites.

  • http://erik.eae.net Erik Arvidsson

    Undesirable, maybe. Dangerous, nope. You can do that in tons of ways without GreaseMonkey. Nothing changes from a server side perspective. Take bookmarklets for example: Bookmarklets are basically the same except that bookmarklets are not run automatically. With GM you can say that you want a script to run on all pages that matches a regexp.

  • http://www.challenger.se Hakan Bilgin

    We’re interpreting dangerous differently…When MS first introduced wsh, the intensions were good but it were used for virus creation. It shouldn’t take long before GM will be used for tailored attacks.

    This will probably result in blocking of browsers that support GM (if its possible, since you probably can override that with GM).

    A little dramatic I know, but I have a bad feeling about this.

  • http://erik.eae.net Erik Arvidsson

    But you can only tailor attacks against yourself. And that isn’t half as fun.

    Blocking: All browsers supports javascript bookmarks and all browsers I know now have GM like features. Opera has it built in from the beginning. I don’t remember the name of the IE plugin and I’m pretty sure Safari has this as well (Pimp my Safari).

    I don’t think you understand how GM works? You cannot do anything with GM that you cannot do without it. It only makes things easier to do. I can always open a HTTP connection and do whatever I want towards the server. You don’t want to block the internet do you? It all comes down to that it is you that decide what should be run. If you want to install the Google toolbar you can do that and that even have access to your local OS.

  • Pingback: Deborah Lewis()