
Code uses an unapproved external script

§
Posted: 04/04/2025

Script sync failed - Code uses an unapproved external script: @require https://f9y4ng.github.io/GreasyFork-Scripts/lib/frColorPicker.js#sha256-5qwlU92m9JJzPnwytGBsLkwXoqPnnrjKFATILied8Os=

Since greasyfork is blocked by the Chinese government, all calls to @require resources at the greasyfork address will cause TM to delay loading the script for tens of seconds, so I need to update to the new address. However, when updating, I was prompted: "Code is using an unauthorized external script".

Why are external addresses in scope not supported?

Scripts with subresource integrity hashes: Use of @require and @resource with URLs with subresource integrity in the Tampermonkey format is allowed.

https://greasyfork.org/en/help/external-scripts?locale_override=1#:~:text=Scripts%20with%20subresource%20integrity%20hashes

https://greasyfork.org/en/help/cdns

you can use this https://www.jsdelivr.com/github

jsdelivr is not blocked in China

§
Posted: 19/04/2025

https://greasyfork.org/en/help/cdns

you can use this https://www.jsdelivr.com/github

jsdelivr is not blocked in China

Thanks, @𝖢𝖸 𝖥𝗎𝗇𝗀.

The file I referenced was not a standard library, and it was not released, so jsdelivr cannot generate links that comply with greasyfork external link rules. I've changed the references back to the Greasyfork library so that those third-party mirror sites can automatically mirror the library files as well. The only thing is that the update can't use github webhook, just have to update it manually.

The only thing I can't understand is that the external link site supports subresource integrity hashes in the rules, but it actually refuses, and I don't understand what this is doing.

it was not released, so jsdelivr cannot generate links that comply with greasyfork external link rules.

You don't need to release.

Your file is hosted in https://github.com/F9y4ng/GreasyFork-Scripts/blob/master/lib/frColorPicker.js

Your raw file is https://raw.githubusercontent.com/F9y4ng/GreasyFork-Scripts/refs/heads/master/lib/frColorPicker.js


Greasyfork needs a commit-specific version. Your last commit is https://github.com/F9y4ng/GreasyFork-Scripts/tree/eed6c82925c3bae43229b9aa57ea00affcbea00b

https://github.com/F9y4ng/GreasyFork-Scripts/blob/eed6c82925c3bae43229b9aa57ea00affcbea00b/lib/frColorPicker.js

-> https://raw.githubusercontent.com/F9y4ng/GreasyFork-Scripts/eed6c82925c3bae43229b9aa57ea00affcbea00b/lib/frColorPicker.js


Then use https://www.jsdelivr.com/github

Paste https://raw.githubusercontent.com/F9y4ng/GreasyFork-Scripts/eed6c82925c3bae43229b9aa57ea00affcbea00b/lib/frColorPicker.js and generate

It becomes https://cdn.jsdelivr.net/gh/F9y4ng/GreasyFork-Scripts@eed6c82925c3bae43229b9aa57ea00affcbea00b/lib/frColorPicker.js


When you update the script, change eed6c82925c3bae43229b9aa57ea00affcbea00b to the newer commit. jsdelivr will also fetch the latest and make it "CDN"


GreasyFork (Jason) trusts the website domain more than subresource integrity hashes

Also he encourages developers to use CDN links and GreasyFork library. The files in these sources look "secure". If you put files in your arbitrary domain, they could be dangerous scripts.

§
Posted: 20/04/2025

https://cdn.jsdelivr.net/gh/F9y4ng/GreasyFork-Scripts@eed6c82925c3bae43229b9aa57ea00affcbea00b/lib/frColorPicker.js

Haha, this so-called security measure is very much self-deception, which is ironic. However, thanks for your advice, @𝖢𝖸 𝖥𝗎𝗇𝗀.

Also, if GF does not support subresource integrity hashing, don't mislead others on the guidance page referenced by external scripts.

§
Posted: 20/04/2025

Use of @require and @resource with URLs with subresource integrity in the Tampermonkey format is allowed.

Tampermonkey format:

// @require https://code.jquery.com/jquery-2.1.1.min.js#md5=45eef...

The separator between the hash format (md5, sha256, etc.) and the hash is =, not -.

Use of @require and @resource with URLs with subresource integrity in the Tampermonkey format is allowed.

Tampermonkey format:

// @require https://code.jquery.com/jquery-2.1.1.min.js#md5=45eef...

The separator between the hash format (md5, sha256, etc.) and the hash is =, not -.

I have seen a similar discussion before in Greasy Fork. - shall be acceptable as this is well recognized by the major userscript managers.

https://www.tampermonkey.net/documentation.php?locale=en#api:Subresource_Integrity

§
Posted: 20/04/2025

Doesn't look like so much as forgotten as incomplete, because I did make a change.

§
Posted: 21/04/2025

Yeah, I did try to support it, and even added tests for it, but the tests passed because I was using a URL that would be allowed even without the hash. I've fixed it now.
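
The separator question and the test pitfall described in the last post, as an added example that is not part of the thread and is not Greasy Fork's code: a check that accepts both `=` and `-` in the hash fragment and reports why a URL was accepted, so a test can confirm the hash path was exercised. The allowlist contents, the function names and the `reason` field are assumptions of this sketch.

```javascript
// Added example: a constructed approval check, not Greasy Fork's implementation.
const DIGEST_BYTES = { md5: 16, sha1: 20, sha256: 32, sha384: 48, sha512: 64 };
const ALLOWED_HOSTS = new Set(['cdn.jsdelivr.net']); // assumed allowlist

// Parse "algo=digest" or "algo-digest" entries (comma-separated if several).
function parseSri(fragment) {
  return fragment.split(',').filter(Boolean).map((entry) => {
    const m = /^(md5|sha1|sha256|sha384|sha512)([=-])(.+)$/i.exec(entry);
    return m ? { algo: m[1].toLowerCase(), sep: m[2], digest: m[3] } : null;
  });
}

// A digest is well formed if it is hex or base64 of the algorithm's length.
function validDigest({ algo, digest }) {
  const bytes = DIGEST_BYTES[algo];
  if (/^[0-9a-f]+$/i.test(digest) && digest.length === bytes * 2) return true;
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(digest)) return false;
  return Buffer.from(digest, 'base64').length === bytes;
}

// Returns { ok, reason } so a test can tell WHY a URL was accepted.
function checkRequire(line, allowedHosts = ALLOWED_HOSTS) {
  const m = /^\/\/\s*@require\s+(\S+)\s*$/.exec(line);
  if (!m) return { ok: false, reason: 'not-a-require' };
  let url;
  try { url = new URL(m[1]); } catch { return { ok: false, reason: 'bad-url' }; }
  if (allowedHosts.has(url.hostname)) return { ok: true, reason: 'host' };
  const hashes = parseSri(url.hash.slice(1));
  const sri = hashes.length > 0 && hashes.every((h) => h && validDigest(h));
  return sri ? { ok: true, reason: 'sri' } : { ok: false, reason: 'unapproved' };
}

// First line is the one quoted in the thread; the rest are constructed variants.
const FROM_THREAD = '// @require https://f9y4ng.github.io/GreasyFork-Scripts/lib/frColorPicker.js#sha256-5qwlU92m9JJzPnwytGBsLkwXoqPnnrjKFATILied8Os=';
const EQ_FORM = FROM_THREAD.replace('sha256-', 'sha256=');
const NO_HASH = FROM_THREAD.replace(/#.*$/, '');
// Allowlisted host with a malformed hash: accepted for 'host', so a test
// built on this URL passes even if hash parsing is broken.
const CDN_BAD_HASH = '// @require https://cdn.jsdelivr.net/gh/example/repo@abc123/lib.js#sha256=zz';

for (const line of [FROM_THREAD, EQ_FORM, NO_HASH, CDN_BAD_HASH]) {
  console.log(checkRequire(line).reason, line);
}
```

A test for the hash path should assert on `reason === 'sri'` with a host outside the allowlist, which is the case the thread's original URL covers.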
