Update: Feb 1, 2012

I've noticed traffic coming from Google with keywords prevent greasemonkey, so I though I'd give an update on this issue.

There has been patches to Greasemonkey since the writing of this post to render everything I talk about here useless. AFAIK, there is no way for website authors to prevent Greasemonkey from loading on their website now -- this is the intended behaviour of Greasemonkey.

If anyone knows otherwise, feel free to leave a comment or email me.

I recently read about Speed Sudoku in a Globe and Mail article. It's a website that allows player to compete against each other in a race to solve Sudoku puzzles. Players are given points based on their performance in a game -- I'm unsure how the point system works -- and these points are used to rank them on the scoreboard. As of this writing, the top player is named "WaterlooMathie" (woot for Waterloo).

Anyway. I decided to write a Greasemonkey script to automatically solve these puzzles. The technique I chose is a simple Backtracking algorithm with cells chosen based on the Most Restrained Variable. *Disclaimer: I'm not planning on climbing to the top of the scoreboard using this script, it's just for fun.

[See script here]

Nothing too fancy. In fact, the code can be tuned further to perform better -- meh. But the results are pretty good. I'm able to solve the Very Hard puzzles on my Mac instantly on page load.

Even though I'm not going to cheat on Speed Sudoku, I'm sure others will, or already have. In fact, you can report users you suspect of cheating to the site admins.

This raises a question for me: How do you prevent Greasemonkey scripts from executing on your website?

The answer lies with how Greasemonkey scripts are fired -- it listens to the DomContentLoaded event. To script execution you simply put this piece of code at the top of your page.

document.addEventListener("DOMContentLoaded", function(ev) { ev.stopPropagation(); }, false);

This will attach your anonymous function to the same event listener (which will execute first), and we simply need to stop the event from propagating.

You might run into cases where you do want your own functions (attached to DOMContentLoaded event) to fire. In these cases, you could create your own custom events, listen on those, and fire them in the anonymous function after.

Of course, users can still cheat by other means, but at least this can prevent Greasemonkey cheats. That said, I'm against prevent Greasemonkey scripts. I love the addon, and it adds functionality to websites that I can't live without.

blog comments powered by Disqus