Server-Based Greasemonkey

By Deane Barker on July 15, 2005

It’s time for server-based Greasemonkey. I support an organization of a dozen or so people, and I find myself answering the same questions about the same Web sites and teaching people the same things over and over

There are so many times in the few weeks since taking that first puff of Greasemonkey, I’ve thought to myself: “I could write a script to fix that Web site.” But, shortly after, the rational part of me chimes in with: “But there’s no way you want to manage all those scripts floating around.”

But what if I built Greasemonkey into a proxy server? I’d route everyone’s traffic through that server, and when it detected a response coming from certain URL patterns, it’d Greasemonkey-up the returned HTML to fix the problems that irritate everyone.

Thus, everyone in this office would get “fixed” pages. Additionally, Internet Explorer users would get the same benefit — it’s cross-browser Greasemonkey.

Someone build this. Thanks.



  1. I did read that. Mark Pilgrim himself — who wrote “Dive Into Greasemonkey” — is recommending that people uninstall immediately. Everything I’ve read indicates that this flaw is inherent to the very concept of Greasemonkey, and can thus never be fixed.

    I need to look into it a bit further.

  2. This problem has been solved. First, by disabling the functions that created the security problem in version 0.3.5, then by refactoring the code to address the fundamental cause of the problem in 0.5, which is now in beta.

    A tempest in a teapot, thankfully.

  3. Um I dunno about this. First of all, why would I want someone to proxy all my web traffic? Then most of what I do, where I go, etc. is available to them. That alone makes it a non starter–but if we get past the obvious security issues, for this to be useful, the proxy would have to run a customized set of scripts for each subscriber, not one set of scripts for everyone using the proxy. That could certainly work, I guess–but then how does this really help solve the stated problem?

  4. The original author’s intend (what what I understood it at least) was to make the sme small modifications via their OWN proxy server at the office. They likely already have a proxy server in use, so the security concern isn’t there.

    As for how it solves the stated problem, the author of these scripts only has ONE spot to watch – the proxy server. If you’ve ever trioed to do patch management for a mid-sized organization, you’d realize how annoying it can be having multiple versions of multiple programs with multiple patch levels spread all over hell and back. Having everything done via a proxy server would be a dream.

    Think of it this way – a website commonly visited by the company displays better by removing a table element (or whatever). Instead of installing a script to fix that on every system (some of which likely don’t even run a GM compatible browser), then possibly having to update that script across every browser when the element changes… you change it via the proxy server (one script for all browsers and all fixes) which then feeds to “patched” page to everyone. If the element changes, then you fix that one script on the proxy server and magically all workstations are fixed. It’s brilliant.

    Join the GM discussion and learn. Brilliant people and fascinating ideas. The web is changing folks. Try to jump on the train near the beginning to stay a step ahead of the rest. =)

    — Peace. ~G

  5. The biggest reason that I do not use greasemonkey is that is is browser baser and not server based.

    I would like to see something that unifies privoxy and greasemonky.

    1. Proxy server, caching.
    2. Regular expression page editor (like privoxy).
    3. Document Object Model editing
    4. C, Ada or some other decent programming language, not Java, Javascript or C++; regexp is already perverse enough.

    5. Page synthesis that is: Create a virtual pages by rippinng pieces form here and there (many URLs), maybe even from your own postgres database and generate a page.

    6. Automatically download newer versions of scripts (if they carry a valid cryptograpic signature).

    7. More ideas?

    Regards, Peter

  6. Yes, I forgot:

    1. Script genertor: Some graphical tool with wich you can generate script fragments. Basically you highlight a section in a page and your get a set of proposals for regular expressions or documents XML paths for selecting or rejecting the segment.

    2. Genral page tidying: generate first of all some decent XHTML form the junk that is present all over the net.

Comments are closed. If you have something you really want to say, tweet @gadgetopia.