Greasy Fork is available in English.

User scripts have the technical ability to load and execute other scripts. This can be done in a few different ways, including:

While this is a useful feature and most script authors use this for legitimate purposes, it can also be used maliciously. One of the core principles of Greasy Fork is that the user must be able to inspect the code in a script. External scripts can bypass this principle in a number of ways: they can change without warning or history, they can serve up different code to different people, and they can be used to hide malicious code in the middle of known libraries. Even if someone were to check an external script and determine it to be legitimate, that would be no guarantee that that script always has been or always will be legitimate.

### Allowed external code

To allow script authors to continue to use external scripts, Greasy Fork has implemented a list of allowed URL patterns that can be included with a script. This list consists of script locations that:

• Are public
• Will not have their contents change frequently
• Would likely be useful to more than one script author

If the script you wish to include is a JavaScript library (for example jQuery or YUI), try to find it on one of the sites listed below. cdnjs and jsDelivr in particular have a wide range of libraries available.

The current list is:

 75CDN ^https:\/\/cdn\.baomitu\.com\/.* 75CDN ^https:\/\/lib\.baomitu\.com\/.* Baidu Analytics ^https://hm\.baidu\.com/hm\.js.* You must include @antifeature tracking if you use this. Baidu CDN ^(https?:)?\/\/libs\.baidu\.com\/.* Baidu CDN ^https:\/\/apps\.bdimg\.com\/.* Baidu CDN ^https:\/\/code\.bdstatic\.com\/.* BootCDN ^https://cdn\.bootcdn\.net\/.* Bootstrap中文网开放CDN服务 ^(https?:)?\/\/cdn\.bootcss\.com\/.* BowerCDN ^https:\/\/bowercdn\.net\/.* ByteDance ^https:\/\/[^/]*\-cdn\-tos\.bytecdntp\.com\/cdn\/.* cdn.kaskus.com ^(https?:)?\/\/cdn\.kaskus\.com\/.* cdnjs-hosted libraries ^(https?:)?\/\/cdnjs\.cloudflare\.com\/.* Firebase CDN ^(https?:)?\/\/cdn\.firebase\.com\/.* GitCDN (commit-specific URLS only) ^https:\/\/(www\.)?gitcdn\.(xyz|link)\/(cdn|repo)\/[^/]+\/[^/]+\/[0-9a-f]{40}/.*$ gm4-polyfill ^https:\/\/greasemonkey\.github\.io\/gm4\-polyfill\/gm4\-polyfill\.js(\?.*)?$ Google Analytics ^https:\/\/ssl\.google\-analytics\.com\/ga\.js.* You must include @antifeature tracking if you use this. Google Hosted Libraries on apis.google.com ^https:\/\/apis\.google\.com\/.* Google Hosted Libraries on googleapis.com ^(https?:)?\/\/[a-z]+\.googleapis\.com\/.* Google Maps API ^(https?:)?\/\/maps\.google\.com\/maps\/api\/js.* Google Tag Manager ^https:\/\/www\.googletagmanager\.com\/gtag\/js.* You must include @antifeature tracking if you use this. Google Translate ^https:\/\/translate\.google\.com\/translate_a\/element\.js$ Google-hosted libraries on www.gstatic.com ^https:\/\/www\.gstatic\.com\/.* Greasy-Fork-hosted scripts (https://greasyfork.org/scripts/*.js) ^(https?:)?\/\/greasyfork\.org\/scripts\/.+\.js.* Greasy-Fork-hosted third party libraries on https://greasyfork.org/libraries/ ^(https?:)?\/\/greasyfork\.org\/libraries\/.* gwdang CDN ^https:\/\/cdn\.gwdang\.com\/.* gwdang_extension.js ^https:\/\/browser\.gwdang\.com\/get\.js\?f=\/js\/gwdang_extension\.js$ Highcharts CDN ^(https?:)?\/\/code\.highcharts\.com\/.* jQuery on code.jquery.com ^(https?:)?\/\/code\.jquery\.com/.* jsDelivr GitHub commit-specific references ^(https?:)?\/\/(cdn|test1|testingcf|fastly|gcore)\.jsdelivr\.net\/gh\/[^/]+\/[^/@]+@[a-f0-9]{40} cdn.jsdelivr.net is the primary subdomain, but others are allowed in case of firewall blocks. jsDelivr npm version-specific references ^(https?:)?\/\/(cdn|test1|testingcf|fastly|gcore)\.jsdelivr\.net\/npm\/.+@[0-9\.]+.* cdn.jsdelivr.net is the primary subdomain, but others are allowed in case of firewall blocks. jsDelivr-hosted libraries ^(https?:)?\/\/(cdn|test1|testingcf|fastly|gcore)\.jsdelivr\.net\/(?!(gh|npm)\/).* cdn.jsdelivr.net is the primary subdomain, but others are allowed in case of firewall blocks. Layui https://www\.layuicdn\.com\/.* LingoCloud ^https:\/\/caiyunapp\.com\/dest\/trs\.js.* MathJax CDN ^(https?:)?\/\/cdn\.mathjax\.org\/.* Microsoft Ajax CDN ^(https?:)?\/\/ajax\.aspnetcdn\.com\/.* Mousetrap ^https:\/\/craig\.global\.ssl\.fastly\.net\/js\/mousetrap\/.* OpenUserJS libraries ^(https?:)?\/\/openuserjs\.org\/src\/libs\/.+\.js.* Recaptcha ^https://www\.google\.com/recaptcha/api\.js$ Sleazy-Fork-hosted scripts (https://greasyfork.org/scripts/*.js) ^(https?:)?\/\/sleazyfork\.org\/scripts\/.+\.js.* Sleazy-Fork-hosted third party libraries on https://greasyfork.org/libraries/ ^(https?:)?\/\/sleazyfork\.org\/libraries\/.* static.hdslb.com ^(https?:)?\/\/static\.hdslb\.com\/.* Todoist Anywhere ^(https?:)?\/\/todoist\.com\/anywhere\/.* unpkg ^https:\/\/unpkg\.com/.* Version-specific packd URLs ^https:\/\/bundle\.run\/[^@]+@[0-9\.]+$ Wysibb CDN ^(https?:)?\/\/cdn\.wysibb\.com\/.* 开放静态文件 CDN ^(https?:)?\/\/cdn\.staticfile\.org\/.* 快手 CDN ^https://static\.yximgs\.com/.*

URL is allowed URL is not allowed

If the script you wish to include is not available on the sites above, let us know and we can find somewhere it is (or host it ourselves!).

If the script you wish to include was written by you, you can submit it as a separate entry on Greasy Fork by choosing the "Library" script type. You will then be able to include this posted library in your script.

### Special cases

In addition to the list above, the following uses are also allowed:

• Loading a site's existing code for use on the same site (e.g. using example.com/script.js on example.com).
• Loading a resource that is data only, for example a JSON file, without executing any of it.

The following uses are also disallowed: