Why is this code so obfuscated and what is this xLocStor call to savelocalstorage to your Github?!?

About: Google Search Extra Buttons

I see your translated partial answer to this but this sure looks like stealing of user data these calls to post my data via xLocStor to your Github at this URL:

spmbt.github.io/googleSearchExtraButtons/saveYourLocalStorage.html

Can you please explain in detail and is there a reason you do not offer a non-obfuscated version of the code for review on your Github?

Comments

  • edited April 2018 Firefox
    Hi, Collin!
    I did explain it in this dialog: https://greasyfork.org/ru/forum/discussion/11352/quick-question .
    In short: Google cleans its own localStorage in its domain google.com or the national ones (google.de etc.), so we have to save the user's settings in some other domain.

    About 'obfuscation': this is my native style of code at the moment of creation. At work we need to follow corporate rules, but in open-source author's code I can afford my own style of code. (It varies for various projects.)
  • That posted answer absolutely does NOT explain EXACTLY what personal data of mine has been continually posted and saved to your friggin Github, nor did you EVER disclose, either in the script description, comments, or webpage that this would be actively UPLOADING PERSONAL DATA from my browser to your server!

    So I'll ask the same question again and hopefully here you can clarify and then properly update both the script details as well as the script itself with a proper disclosure and details:

    1. WHAT EXACTLY ARE YOU STORING FROM LOCAL STORAGE?
    2. WHERE ARE YOU STORING THIS DATA?
    3. HOW LONG IS THIS RETAINED?
    4. CAN I ACCESS MY SAVED DATA ON YOUR SERVER?

    In addition, I would STRONGLY suggest if you expect anyone who learns of this to ever trust you enough to continue using your scripts that you immediately add a script option (with instruction) on how to disable/enable and opt-in/out. A proper way to have done this would have been to default to NOT quietly UPLOADING everyone's local storage to your server, but to provide an opt-in to enable it after selling us all on the great benefits and security of putting my browsers' personal local storage onto your friggin Github repo.

  • edited April 2018 Firefox

    OK, Collin, let me explain this in more detail.

    [Question]

    does NOT explain EXACTLY what personal data of mine has been continually posted and saved to your friggin Github

    [Answer]: In fact, your data does not arrive at spmbt.github.io (except cookies with which the github.io server works, but I may not read them in JS). My JS works only with a kind of browser memory named "localStorage", which is stored on your client computer. It is not sent to the server automatically, but I do not have any data to send in the code of my userscript, as is easy to verify. This localStorage memory depends on the domain in which your page resides. Memory on google.com is not the same memory as on the google.de or spmbt.github.io domain. But the owner of the page, Google, can erase the contents of this memory in their scripts, partially or completely (the command localStorage.clear()) and does this (obviously, against hackers who intentionally clog all available memory with 5 MB). Facebook does the same on its pages, as do a number of other large companies.

    Therefore, in order to avoid losing the saved user data, I use my domain https://spmbt.github.io to store data in the localStorage of this domain and using the function window.addEventListener('message', function(ev){ ... }).

    In addition, I would STRONGLY suggest if you expect anyone who learns of this to ever trust you enough to continue using your scripts that you immediately add a script option (with instruction) on how to disable/enable and opt-in/out

    [Answer]: That's right, I plan to do it. Some time ago I received a request to turn off github.io, because there are places in China (as I understand it) where this domain is unavailable and this prevents using the script. But most users understand why we need to use a foreign domain such as spmbt.github.io and they need the memory settings of this script.

    2 years ago in the history of the script this function did not exist, and so everyone was forced to change the script code in order to store their personal data (for example, domains for searching the site under the button "site"). I think it has become more convenient now. If someone wants to transform the code and make a pull request, I'll allow it on Github (it's better to first tell me the plan, but generally Github allows you to make a clone without a further pull request).

    It's also possible to improve the style of the code, but it was comfortable for me to write compact code with several operators in a line, so that fewer pages appear on the screen.

    (detailed description of my code)

    The advantage of user-JS is that the code is open and everything that it writes in the localStorage is visible in the code - these are the user's script settings.

  • Sounds like this is settled, closing.

This post has been locked.
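
The mechanism the script author describes in the thread (a page on another origin that keeps the script's settings in its own localStorage and is driven through a `message` listener), sketched as an added example that is not the userscript's or the hub page's actual code. The origin allow-list, key prefix and message shape are assumptions, and a Map stands in for localStorage so it runs under Node; it shows what a reviewer would check in such a handler: sender origin validation, a restricted key namespace, and no network call.

```javascript
// Added illustration; makeHub, ALLOWED_ORIGINS, PREFIX and the message shape are hypothetical.
// A Map stands in for the hub origin's localStorage so the sketch runs under Node.
function makeStorage() {
  const m = new Map();
  return {
    getItem: k => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    get length() { return m.size; },
  };
}

// Constructed allow-list: the only pages permitted to talk to the hub.
const ALLOWED_ORIGINS = new Set(['https://www.google.com', 'https://www.google.de']);
const PREFIX = 'extraButtons:'; // hypothetical namespace for the script's settings

// Returns the function the hub page would register with
// window.addEventListener('message', ...). It only reads and writes storage.
function makeHub(storage) {
  return function onMessage(ev) {
    if (!ALLOWED_ORIGINS.has(ev.origin)) return null;   // drop unknown senders
    const msg = ev.data;
    if (!msg || typeof msg.key !== 'string') return null;
    const key = PREFIX + msg.key;                       // never touch other keys
    let reply;
    if (msg.op === 'set') {
      storage.setItem(key, JSON.stringify(msg.value ?? null));
      reply = { op: 'set', key: msg.key, ok: true };
    } else if (msg.op === 'get') {
      const raw = storage.getItem(key);
      reply = { op: 'get', key: msg.key, value: raw === null ? null : JSON.parse(raw) };
    } else {
      return null;
    }
    ev.source.postMessage(reply, ev.origin);            // answer the sender only, never '*'
    return reply;
  };
}

// Constructed exchange: save on google.de, read back on google.com, reject a stranger.
function demo() {
  const storage = makeStorage();
  const hub = makeHub(storage);
  const sent = [];
  const source = { postMessage: (m, origin) => sent.push({ m, origin }) };
  hub({ origin: 'https://www.google.de', source, data: { op: 'set', key: 'sites', value: ['example.org'] } });
  const got = hub({ origin: 'https://www.google.com', source, data: { op: 'get', key: 'sites' } });
  const rejected = hub({ origin: 'https://unknown.example', source, data: { op: 'get', key: 'sites' } });
  return { got, rejected, sent, stored: storage.length };
}
```

When auditing a real hub page of this kind, the same three points apply: the handler compares `ev.origin` against a fixed list, it touches only its own keys, and it contains no `fetch`, `XMLHttpRequest` or form submission.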