Greasy Fork is available in English.

Greasy Fork我们允许在特定情况下使用外部代码。任何脚本发现使用超出允许范围的外部代码都将会被删除。如发现脚本违反这些规则,请举报。

请注意,这些规则仅适用于外部可执行代码。那些加载但不可执行代码不受限制,例如JSON或CSS。

运作机理

User scripts have the technical ability to load and execute other scripts. This can be done in a few different ways, including:

While this is a useful feature and most script authors use this for legitimate purposes, it can also be used maliciously. One of the core principles of Greasy Fork is that the user must be able to inspect the code in a script. External scripts can bypass this principle in a number of ways: they can change without warning or history, they can serve up different code to different people, and they can be used to hide malicious code in the middle of known libraries. Even if someone were to check an external script and determine it to be legitimate, that would be no guarantee that that script always has been or always will be legitimate.

允许的外部代码

The following are the ways external code is allowed on Greasy Fork. Unless otherwise specified, all other rules for code apply to the external code.

内容交付网络(CDN)

允许使用源自 CDN 的代码。详见获准 CDN 名单。代码可以缩小,但不能混淆。

附有子资源完整性散列的脚本

允许使用 Tampermonkey 格式 下的有子资源完整性@require@resource URL。

Greasy Fork 库

Scripts posted as libraries on Greasy Fork are allowed. Libraries can be created by choosing the option when creating a new script. These can additionally be set to sync from an external URL, like a GitHub repository.

Injection of scripts from the origin host

Injection of external scripts on the same domain as where they came from is allowed. If a script runs on https://example.com, and downloads https://example.com/script.js, modifies it, and injects back on https://example.com/, this would be allowed.

If https://example.com/script.js is injected onto https://differentsite.com, this would be disallowed.