theme selector

light blue screenshot grey screenshot navy screenshot dark green screenshot red and black screenshot

by Tony Chang

All opinions on this site are my own and do not represent those of my employer.

Creative Commons Attribution License

annotate Google

Jan 14, 2005, 01:51am EST



I’m working on a Firefox extension for annotating Google search result pages. It currently checks each page for RSS or Atom feeds and places links to feeds and also grabs a few popular tags from about the page.

I started working on it last weekend, but while reading evan‘s tech blog today, I learned about greasemonkey, a Firefox extension that allows you to overlay site specific javascript. Wow, that’s exactly what I needed. So I started using it but found out that it may not be ideal because of security problems features that apply to scripts, but not extensions. So I guess I can’t use greasemonkey after all, but it has provided a convenient way to test the script.

Oh, perhaps you want to try out the extension. While you’re welcome to install greasemonkey and try out annotate Google, it’s not quite ready yet. In addition to annoying security warnings on every Google SERP, it only makes one XMLHttpRequest at a time due to a bug on my part (new requests are clobbering old requests, maybe something’s wrong with my closure).

Update: I actually wrote it.

Jeremy Dunck at Jan 21, 2005, 12:27am EST

I’m involved in Greasemonkey, and thought you might like some feedback.

First, you’ve made it a bit problematic to install the user script. The extension adds an option (Install User Script…) to the context menu if the link’s name ends in “.user.js”, which allows the user to easily install it. However, the link in viewcvs takes you to the checkin log. If you want people to install it, you should directly link to the script itself, insuring that the URL ends in “user.js”.

Second, it may not be clear from the docs, but your script runs in the context of the document, not in the context of the extension. When Greasemonkey finds a URL match, it appends your script to the document’s DOM. I’m not sure if this addresses your security concern. … OK, looks like not, since you’re trying to fetch data from different URLs.

Third, if you do write scripts for Greasemonkey that you’re happy with, I’ve started a directory, so you may want to add it to that listing.

tony at Jan 21, 2005, 04:57am EST

There are also other problems like not using very unique function names, but due to the security issue, I’m just going to write a stand alone extension. Unfortunately, there will probably be bigger problems like not hammering too hard.

Thanks for the feedback anyway.

Jeremy Dunck at Jan 21, 2005, 11:27am EST

I realize it’s not going to help this situation, but is there a reason you couldn’t scope everything in an anonymous function, similar to what’s done here?

tony at Jan 21, 2005, 01:14pm EST

Nope, I was going to refactor it to that when I finished but I wasn’t quite there yet …

Jeremy Dunck at Jan 31, 2005, 12:17am EST

Tony, I’m very happy to have stumbled on something for you.

Via hackdiary, a script that uses delicious from a different site.

Note in the header of that script, these comments: // This script requires the following in your prefs.js:

// user_pref(“capability.principal.codebase.p0.granted”, “UniversalBrowserRead”);

// user_pref(“”, “”);

// user_pref(“signed.applets.codebase_principal_support”, true);

So it appears that a user can specifically punch holes in their security to allow special rights based on URL. So your particular use should be possible.

Ideal? No… but useful and interesting.

tony at Jan 31, 2005, 04:35pm EST

Cool! Thanks for pointing that out, I’ll look into it later.