Thanks for the replay, mavri.
It's a test to get the mechanism in place for my code library.
My code asks for a users Limited Access key with a prompt() then sets it into a granted tampermonkey GM variable (with 4.0 and legacy compatibility).
Then it accesses a random endpoint like /user/?selections=properties and fails if it gets "code": 2,
"error": "Incorrect key", back.
This triggers the XSS warning.
Tampermonkey XSS Warnings on Key validation script
-
Thread created on 12:05:44 - 29/03/24 (5 months ago)|Last replied 08:43:55 - 30/03/24 (5 months ago)I'm having trouble writing a script to prompt a user for their key, validate it, and then store it as a persistant variable.
It can be achieved if the user clicks 'Always Accept' on a Tampermonkey warning screen. But that's ugly and would freak out anyone unfamiliar with userscripting.
I've used scripts in the past that have done it silently.
The only alternative I can think of is to just do a: Replace YOUR-KEY-HERE line inside the script itself. But again, that's not very friendly to anyone new to userscripting.
Can anyone help?~~~~~ Retroscope ~~~~~
-
-
Posted on 13:19:31 - 29/03/24 (5 months ago)Post link copied to clipboard Copy post link> It can be achieved if the user clicks 'Always Accept' on a Tampermonkey warning screen. But that's ugly and would freak out anyone unfamiliar with userscripting.
Where are you making the request to? Since you can just make a TornAPI request it shouldn't prompt for that.
> Replace YOUR-KEY-HERE line inside the script itself. But again, that's not very friendly to anyone new to userscripting.
You can use a "prompt" or have an input somewhere (example) -
-
Posted on 15:36:30 - 29/03/24 (5 months ago)Post link copied to clipboard Copy post linkThanks for the replay, mavri.
It's a test to get the mechanism in place for my code library.
My code asks for a users Limited Access key with a prompt() then sets it into a granted tampermonkey GM variable (with 4.0 and legacy compatibility).
Then it accesses a random endpoint like /user/?selections=properties and fails if it gets "code": 2,
"error": "Incorrect key", back.
This triggers the XSS warning.~~~~~ Retroscope ~~~~~
-
-
Posted on 17:20:19 - 29/03/24 (5 months ago)Post link copied to clipboard Copy post linknot really on topic, but you can use the key endpoint to find out how good the key is and even if it is limited
https://api.torn.com/key/?selections=info&key= -
-
Posted on 21:34:30 - 29/03/24 (5 months ago)Post link copied to clipboard Copy post linkYou're probably missing the @connect GM tag in the userscript's headers. See https://www.tampermonkey.net/documentation.php?locale=en#meta:connectLast edited by tiksan on 21:34:45 - 29/03/24
-
-
Posted on 08:31:58 - 30/03/24 (5 months ago)Post link copied to clipboard Copy post linkThat's good info to have, mate. Ty :)
~~~~~ Retroscope ~~~~~
-
-
Posted on 08:43:55 - 30/03/24 (5 months ago)Post link copied to clipboard Copy post linkYes that's likely it!
I'd been toying with the @connect after seeing a related console message but couldn't get it working. I was flailing about in all diferent directions trying to find where I was failing, and I forgot to go back to it.
I'll have a good read through the relevent Tampermonkey mans and then revisit it again. But I'm pretty sure you just hit the nail on th head, mate.
Ty ?~~~~~ Retroscope ~~~~~
-