Autopager: safe to use?
December 24, 2008 9:32 AM
Is it safe to use the Firefox extension "Autopager"?
I have a question about the Autopager extension (link). As far as I can tell, when I visit a site like google.com, the extension queries a database and downloads a script that allows me to see all the results in one infinite-scrolling page (as opposed to my having to click "next"). I guess the scripts are in XPath. My question is, is this safe, or am I potentially opening myself up to attacks, like the way I hear people can use JavaScript?
I might not have gotten the description quite right (not as big a geek as I wish I was). In any case, I'd appreciate it if someone could give me the bottom line and tell me this extension is safe to use (or not). Thanks!
Best answer: XPath is only (or at least primarily) valid in terms of parsing XML trees. It doesn't appear (to me) to have even remotely the power that JavaScript has to generate and pursue queries. XPath itself is a vulnerability to a website, but not so much to a client (browser).
You should be aware that Firefox itself has much of the interface built in XUL, a kind of subset of XML. It's one of the reasons for the thriving add-on community, in fact.
Just from looking at the widget page I don't see any reason to be concerned about this particular add-on. It certainly doesn't seem more inherently vulnerable than any other add-on, and what it works with is a widely-trusted website and not much else.
Personally, I'd just set my Google preferences to 50 or 100 results, but YMMV.
posted by dhartung at 12:34 PM on December 24, 2008
Best answer: I work for Mozilla.
Add-ons that you download from our site, addons.mozilla.org, have been reviewed by community members and you should consider them safe to use. I don't see Autopager, but that does not mean that it is dangerous - there are many addons that are not on Mozilla's site.
That said, I agree with box.
posted by gen at 2:28 PM on December 24, 2008
Response by poster: Thanks to everyone who responded. The autopager is in fact available from the addons.mozilla.org page https://addons.mozilla.org/en-US/firefox/addon/4925. Good to know, thanks a lot.
posted by dicetumbler at 7:16 PM on December 24, 2008
I think the biggest danger would be that it's going to auto fetch and display results from pages that, by url-name alone, you as a person would know to avoid, say "get.a.virus.com".
posted by nomisxid at 9:00 PM on December 24, 2008
FWIW, I had some problems with that script a while back. On some pages it was fetching pages improperly, messing with layouts, etc. (off the top of my head: Blogger, a few news sites). Maybe they've ironed out the bugs in the new release - YMMV.
posted by chrisamiller at 8:56 PM on December 25, 2008
This thread is closed to new comments.
Seems pretty safe, but, unless you can find somebody you trust implicitly to go through the source code, you probably can't be 100%, completely and absolutely sure. If I had a computer that I used to run nuclear power plants or hold nuclear launch codes or something, I wouldn't use this extension. For my personal use, though, I would feel pretty okay.
posted by box at 10:02 AM on December 24, 2008