Test script:
// ==UserScript==
// @name Mail.ru test
// @namespace Violentmonkey Scripts
// @match *://my.mail.ru/*
// @grant none
// @version 1.0
// @author -
// @grant GM_xmlhttpRequest
// ==/UserScript==
(function() {
var url = "https://www.google.com/";
console.log("Sending a request from", document.location.href, document.documentElement);
GM_xmlhttpRequest({
url: url,
method: "HEAD",
onload: function(resp) {
console.log(document.documentElement, document.location.href, resp);
}
});
})();
I get the following result when run on https://my.mail.ru/:
Sending a request from https://my.mail.ru/ ...
Sending a request from https://my.mail.ru/static/myrb2.html ...
... "https://my.mail.ru/static/myrb2.html" [response object]
Using chrome's network inspector, it will show the following network request:
chrome-extension://.../background/undefined
Firefox doesn't show the first request, only the second (successful) one.
The issue appears under both Firefox and Chrome, using the latest git version (https://github.com/violentmonkey/violentmonkey/commit/33c468a03afe9780b5e8f79c4a9b2af5c7af7afd).
The reason for this bug is that we are still using unsafe calls in master: Array.reduce inside objectPick specifically. I've fixed this in #863 which will be eventually reviewed, I hope...
P.S. The successful request is performed in a different frame that doesn't have that js library with the weird custom Array.reduce implementation.
@qsniyg, thanks for testing as usual, at the moment you're our only hope of catching bugs before a release.
Thank you for fixing the issues so quickly! I can imagine it must be pretty difficult (especially that commit), your work is really appreciated :)
This particular issue wasn't hard to fix.
The linked PR is big because it contains other features/changes.
Most helpful comment
@qsniyg, thanks for testing as usual, at the moment you're our only hope of catching bugs before a release.