related: #315
This will do a better job at preventing a userscript from calling api methods that were not in the @grant values and prevent userscripts from directly sending browser.sendMessage or calling browser methods like browser.storage.
In order to accomplish this userscript code needs to be isolated from the GM api code ("pre" code).
example:
const browser = window.browser;
delete window.browser;
(function() {
"use strict"
// userscript "pre" code
(function() {
const browser = undefined;
// userscript code
})();
})();
related: #315
This will do a better job at preventing a userscript from calling api methods that were not in the
@grantvalues and prevent userscripts from directly sendingbrowser.sendMessageor callingbrowsermethods likebrowser.storage.In order to accomplish this userscript code needs to be isolated from the
GMapi code ("pre" code).example: