Greasy Fork

Violentmonkey compatibility

Nice work on bringing these back!

Unfortunately, it doesn't work with Violentmonkey, but it's easily fixed by adding the following line to the metadata section:

// @inject-into content

Thanks for the heads up! I just updated the script, it should work as intended now.

The problem is caused by the fact that Firefox applies Content-Security-Policy of the page to the extension's script elements created by Violentmonkey (the extension uses the classic approach to running userscripts). This is not really a problem of this userscript so adding // @inject-into content is not a solution. All scripts are affected by this so people who use Firefox and Violentmonkey should simply allow it automatically decide the injection mode in Violentmonkey's settings -> Advanced -> Default injection mode -> auto (preferred and default mode) or content.

@wOxxOm The directive is ignored by other engines. Requiring users to configure their userscript engine to use this — or any other userscript — is not a reasonable solution for any other user.

There should be no need to configure anything nowadays because modern Violentmonkey automatically checks the injection mode in Firefox. So, my point is that this was a meaningless change. It's also never needed in Chrome.

P.S. I see the auto mode has become the default only since VM 2.12.2 so users who had an older version already installed are still using the old page mode.

It's not the default for users (like myself) who have been using Violentmonkey since before the directive was introduced, which is why I've suggested this (and why I haven't changed the default).

I doubt most of the 50,000-odd users of Violentmonkey/FF who came on board before v2.10 v2.12.2 are even aware of the change , so all they'll see is that the script doesn't work and move along (which was my first reaction).

This small change is harmless in all other circumstances and makes the script work out of the box for me and no doubt other users. The alternative is to knowingly exclude a sizeable chunk of users for dogmatic reasons rather than implementing a simple fix.

You would have to add this to every userscript that runs on pages with restrictive CSP in Firefox. It's simply unreasonable. Hopefully, Violentmonkey will force-switch to auto for existing users in the future.

It's already implemented, and the issue doesn't crop up on most sites (I only ever see it on Google, GitHub and Twitter). This script didn't work out of the box for the vast majority of Violentmonkey/FF users (up to 80%) prior to this fix, and there's absolutely no downside, so I beg to differ on what's unreasonable here.

There is a theoretical downside to the content mode as it requires more internal work (negligible) and it breaks unsafeWindow (could be essential). If you want to go on suggesting userscript authors to add this kludge, at least suggest @inject-into auto which will preserve the normal default behavior when possible i.e. in 99.999% of cases.

Thanks for confirming there's no downside.

If you want to go on suggesting userscript authors

I wasn't aware I needed your permission, but if you really object to engine-specific "kludges", you might do well to start here.

Thanks for confirming there's no downside.

I was referring to the general problems of content mode, not this script in particular. BTW another problem may be due to changes in timing for document-start script.

I wasn't aware I needed your permission

The point was that @inject-into auto is a safer choice.

start here.

@connect is a rather sensible security feature, not a kludge. Hopefully, it'll be implemented in other engines as well.

@connect is a rather sensible security feature

It's an engine-specific workaround that's "never needed" in any other userscript engines. If that's OK, then I fail to see the point of this commentary (on a fix that's already been implemented).

(Also, I doubt anyone who takes security seriously would be caught dead using a closed-source userscript engine, particularly one that has every possible tracking/reporting "feature" enabled by default.)

Either way, this discussion is moot since this will likely be fixed in the next version of Violentmonkey.