secure data storing in userscript

Question

I need a way to store data from an userscript, so that the site it is working on cannot access that data. I'm creating a script that would encrypt facebook's chat and i need to keep encryption keys between sessions. cookies and local storage can be accessed by facebook's scripts. GM_setValue does not work on opera.

Answer 1

Found answer here:

Access root domain's localStorage from subdomain

http://www.opera.com/docs/userjs/specs/#scriptstorage

I will just use GM_setValue for FF and scriptStorage for Opera

Answer 2

Another option, depending on the users of your script, would be to prompt the user for a salt to mix into your encryption process.

Ask for the salt, then load the target page inside of an iframe. (assuming the target site doesn't have a frame buster, of course.)

You'd be prompted for the salt first time visiting the page. After that, just keep it locked inside your iframe.

Of course, that process makes the user script a touch more complicated.

Mostly you have to set up a local doc variable that points to the iframe's document and use it for all of your calls. doc.getElementById instead of document.getElementById. If your script uses jQuery ... ouch.

I've done this process for both iFrames and HTAs.