Mark Pilgrim goes both ways

Amazon Affiliate Hijacker: Mark’s Greasemonkey script to rewrite all Amazon links to include your choice of affiliate ID.

Amazon Affiliate Anti-Hijacker: Mark’s JavaScript to include in your own pages, to rewrite all your Amazon affiliate links back to including your affiliate ID.

Both scripts have already been revised since I first saw them, a few hours ago, so there’s still plenty of time, but I really think it would be funnier if they were fighting a little more. The Greasemonkey script is giving in way too easily, only running at the DOMLoaded event when Greasemonkey runs, rather than registering an onload listener that can fight to run after any rewrite-back script runs. Then the anti-script can go back to its first style, saving off the existing onload and manually running it, and can then check again after running the rest of onload to be sure it hasn’t been overwritten. Though the Greasemonkey script would probably then just continually call itself on a timer on any page including Amazon links, like the anti-AutoLink script does.

Yeah, it’s sick that it amuses me this much. Yeah, I did play chess against myself when I was a kid (though that was only because my brother was so much older than me, and smarter than me, that I couldn’t figure out how he was cheating).

8 Comments

Comment by Mark #
2005-03-31 21:09:18

It went 6 rounds, until I stumbled upon the ultimate solution: how to completely disable all Greasemonkey scripts on your web site.

Knockout in the 7th round. Winner: content producers.

Comment by Phil Ringnalda #
2005-03-31 21:33:10

The downside of finding the ultimate weapon is that you get such a short time to celebrate, and scare hell out of everyone else on the planet, before someone else develops the ultimate-ultimate-plus-one weapon. Aaron’s already talking about letting Greasemonkey get in before anything happens in the page, I think by registering as a stream listener and then passing the (altered) incoming HTML off to the parser. Plus, since you’re lowly content there, fighting the chrome parts of Greasemonkey, I’d guess in the long run you don’t have much of a chance. Say that instead of calling addEventListener(), Greasemonkey calls XPCNativeWrapper(window, 'addEventListener()').addEventListener()? If I understand how it works (a dubious if, to be sure), then GM no longer cares what you do to the content-accessible version.

Comment by Ben Karel #
2005-04-01 12:29:43

Spot-on analysis, Phil… Chrome Always Wins ;)

GreaseMonkey could also simply attach their DOMContentLoaded listener to the element and catch the events as they bubble up from the tab windows and frames and so on.

Going the streamlistener route is tricky; a friend who played around with implementing it took several months to track down and find a workaround for a severe (.5 MB/page load) memory leak.

Comment by Ben Karel #
2005-04-01 12:41:50

(sorry for the commentspam)

That should be ”the <tabbrowser> element” above. Can’t believe I didn’t catch that in preview.

Anyways, since it looks like there may be multiple extensions offering in-browser proxy functionality in the not-too-distant future, it’ll be interesting to see whether people choose to use browser-specific extensions or OS-wide proxies like Privoxy or Proxomitron.

And… I wonder how easy/viable it’ll be to implement something like Butler entirely through regexps modifying only HTML strings, without touching the DOM.

 
Comment by Phil Ringnalda #
2005-04-01 18:43:51

Well, chrome wins when it knows it’s at war. But it’s rather like a comment spambot, or a global superpower: if you’re content, or an individual weblog, or a low-profile guerrilla, you can win a lot of battles that your opponent doesn’t even realize are being fought.

Funny you should miss having your <tabbrowser> eaten, when I was just linking to Jeff talking about the usability problems in quietly filtering input. I’m not sure how I’d go about doing a preview that said to the [[[I ate ”<tabbrowser>” here]]] element, though.

 
 
 
 
Comment by Aaron #
2005-04-01 00:04:42

Bring it on!

*spins in chair* wheeeeeee!

 
Comment by Dean Edwards #
2005-04-01 04:49:18

I already had my turn at disabling GM. I got beaten up pretty badly on my blog…

The fight moved here:

http://greaseblog.blogspot.com/2005/03/user-script-arms-race-has-begun.html

 
Trackback by WebMaster View #
2005-04-02 02:51:12

Hijacker and Anti-Hijacker

Mark’s scripts to hijack and protect Amazon affiliate links.

 
Name (required)
E-mail (required - never shown publicly)
URI
Your Comment (smaller size | larger size)
You may use <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <del datetime="" cite=""> <dd> <dl> <dt> <em> <i> <ins datetime="" cite=""> <kbd> <li> <ol> <p> <pre> <q cite=""> <samp> <strong> <sub> <sup> <ul> in your comment.