How to Apply greasemonkey scripts to local files

Today, I wrote a GM script to use it in a local HTML file. I found that both the left and right sides of the script are invalid. I remember it was okay. Later, it may be caused by version updates. Google found the following article:

Reference from: http://www.firefox.net.cn/forum/viewtopic.php? T = 31181

In recent updates, greasemonkey scripts can no longer be used in local files, that is, GM scripts for text linking, automatic highlighting, word translation, and so on, it is ineffective for other locally stored web pages, HTML pages of e-books, and even the online extraction stored in scrapbook.

After a roundCool", I finally found the almost only post discussing this issue:

Reference:

On wed, Dec 30,200 9 at AM, Matt Sargent <matt.sarg...@earthlink.net wrote: Until a recent release, greasemonkey cocould run on locally stored HTML pages. this was very handy, especially when combined with the scrapbook add-on. does anyone know of a way to restore this behavior to a script? >>> On 12/29/2009 7:06 pm, esquifit wrote: Since a couple of releases there are two new 'den den 'preferences: Greasemonkey. aboutisgreaseable Greasemonkey. fileisgreaseable The default value is "false". If you want greasemonkey to run on File: // URLs, you have to set the second one to "true" (In about: config ). >>> On Fri, Jan 1, 2010 at AM, Matt Sargent <matt.sarg...@earthlink.net wrote: Thank you !! This was exactly what I was looking for. It works perfectly.

In other words, change the value of "greasemonkey. fileisgreaseable" in "about: config" to "true" to make the GM script take effect for the local file.
However:

Reference:

Esquifit Fri, 01 Jan 2010 02:39:49-0800 Gglad to know. keep in mind, however, that this implies a security risk. A malicious userscript cocould open a tab or a frame, load a "file:" URL from your local drive into it, read the contents and send them to any server. even binary files cocould be stolen in This way, including files stored in your Firefox profile containing sensitive information (passwords, cookies, history, etc ). in order to know the exact location of the profile folder the attacker cocould either do a recursive scan of your hard disk (directory Contents can also be listed via file: URLs) until it reached the profile. INI file in which all profile directories are listed, or it cocould open the about: cache page and read the profile from there, provided access to about: URLs is granted via the "greasemonkey. aboutisgreaseable" Preference. This security risk was in fact the motivation for the new preferences, as far as I can remember. This was handled in bug #1000: Http://github.com/greasemonkey/greasemonkey/issues/closed#issue/1000

That is to say, this is risky. for malicious GM scripts, It is a door to steal your privacy.
In fact, this cannot be solved. The method is to enable the above key value. For the GM script that is secure and needs to take effect for the local file, use the greasemonkey script to manage the "file: /// * "is added to its allow rules. For untrusted scripts, the same rules are added to the excluded rules. When installing the script, note that if the script takes effect for all webpages (The rule is "*"), you must immediately modify the rule (for example, change it to "http: //) or add "file: // *" to the exclusion rule for prevention.