I am new to chrome extensions but trying to setup a XSS detector. I have the ability to test GET and POST separately so I just have GET programmed now. The extension loads but when I test from a known site the extension does nothing. Also setup a console log that gets nothing so I know the extension is just not hooked correctly. Any help on why this is not working would be much appreciated.
I have tried content_scripts in the manifest.json but then get "Uncaught TypeError: Cannot read property 'onBeforeRequest' of undefined" in the xss_detector.js
manifest.json
{
"name": "XSS Detector",
"version": "1.0",
"manifest_version": 2,
"description": "xss detector and frame buster",
"permissions": ["tabs", "notifications", "<all_urls>", "webRequest"
"webRequestBlocking"],
"background": {
"scripts": ["xss_detector.js"],
"persistent": true
},
"browser_action": {
"default_title": "Detects and Busts!",
"default_icon": "icon.png"
}
}
xss_detector.js
chrome.webRequest.onBeforeRequest.addListener(function(details) {
const start_script_re = /.*(<div>\s*)?<script>.*<\/script>
(<\/div>\s*?.*/mi;
const end_script_re = null;
if (details.method === "GET") {
console.log("http get request");
if (decodeURI(details.url).match(start_script_re)) {
return {redirectURL:"javascript:"};
}
} else if (details.method === "POST") {
}
}, {
urls: ["<all_urls>"]
}, ["blocking", "requestBody"]);
manifest.json
{
"name": "XSS Detector",
"version": "1.0",
"manifest_version": 2,
"description": "xss detector and frame buster",
"permissions": ["tabs", "notifications", "<all_urls>", "webRequest", "webRequestBlocking"],
"background": {
"scripts": ["xss_detector.js"],
"persistent": true
},
"browser_action": {
"default_title": "Detects and Busts!",
"default_icon": "icon.png"
}
}
Related
I'm working on building chrome extension.
I have an error - Unchecked runtime.lastError while running tabs.executeScript: Cannot access a chrome:// URL at Object.callback (). I don't know what to do.
manifest.json
{
"manifest_version": 2,
"name": "tabs",
"description": "testing tabs",
"version": "1.0.4",
"icons": { "128": "icon_128.png" },
"browser_action": {
"default_icon": "icon.png",
"default_title": "A popup will come here"
},
"background": {
"scripts": ["background.js"]
},
"permissions": ["tabs", "*://*/*", "background"]
}
background.js
chrome.tabs.query({}, function(tabs) {
for(var i= 0; i < tabs.length; i++) {
chrome.tabs.executeScript(null, {
code: "console.log('wow');"
});
}
});
Thanks in advance.
With the following code I try to open a mailto: link in a tab if the user clicks on the Chrome extension icon. However, upon click on the icon, no action is being performed.
manifest.json
{
"manifest_version": 2,
"name": "Extension",
"description": "Description",
"version": "1.0",
"browser_action": {
"default_icon": "icon.png"
},
"permissions": [
"tabs"
]
}
popup.js
chrome.browserAction.onClicked.addListener(function tab) {
var emailUrl = "mailto:address#domain.com";
chrome.tabs.create({ url: emailUrl });
};
There are multible issues with your code:
You never require you popup.js.
You JavaScript code is invalid.
I recommend using an eventPage to trigger the E-Mail link:
manifest.json
{
"manifest_version": 2,
"name": "Extension",
"description": "Description",
"version": "1.0",
"browser_action": {
"default_icon": "icon.png"
},
"background": {
"scripts": ["eventPage.js"],
"persistent": false
}
}
eventPage.js
chrome.browserAction.onClicked.addListener(tab => {
chrome.tabs.create({ url: 'mailto:address#domain.com' })
})
I need to know how to display a pop up window when an extension is installed.What I am trying to ask is that when I install my extension,at that moment itself, a popup window should be opened asking for a username and password.How can I do that?I am not familiar with this issue.
Here is my manifest.json
{
"name": "Calpine Extension",
"version": "1.0",
"description": "Log on to calpinemate",
"manifest_version": 2,
"browser_action": {
"default_icon": "icon_128.png"
},
"background": {
"persistent": false,
"scripts": ["background.js"]
},
"browser_action": {
"default_title": "Calpine Extension",
"default_icon": "calpine_not_logged_in.png"
},
"permissions": [
"*://blog.calpinetech.com/test/index.php",
"alarms",
"notifications"
],
"web_accessible_resources": [
"/icon_128.png"]
}
Try this:
chrome.runtime.onInstalled.addListener(function (details) {
if (details.reason == "install") { //reason ( enum of "install", "update", or "chrome_update" )
//Show the PopUp
}
});
http://developer.chrome.com/extensions/runtime.html#event-onInstalled
I have looked at the Google documentation but I can't see how to change its type.
This is the error I get on loading.
There were warnings when trying to install this extension:
'browser_action' is only allowed for extensions, and this is a legacy packaged app.
This is my manifest.json.
{
"name": "first app",
"description": "this is my first app",
"version": "1.4",
"manifest_version": 2,
"content_security_policy": "script-src 'self' https://en.wiktionary.org/; object-src 'self'",
"background": {
"page": "background.html"
},
"app": {
"launch": {
"local_path": "index.html"
}
},
"browser_action": {
"default_icon": "icon.png"
},
"icons": {
"128": "icon.png",
"16": "icon.png"
},
"permissions": [
"http://*/*",
"https://*/*",
"https://en.wiktionary.org/",
"http://en.wiktionary.org/",
"tabs",
"contextMenus",
"storage",
"unlimitedStorage",
"notifications"]
}
All I have is a right-click event at any-time while browsing and store that text for viewing on a main page. I added in the "browser_action" as the chrome store isn't alowing me to upload my extension as a "legacy packaged app", but I don't really understand what that is even after reading the documentation.
For an app use a manifest that looks like:
{
// Required
"app": {
"background": {
// Optional
"scripts": ["background.js"]
}
},
"manifest_version": 2,
"name": "My App",
"version": "versionString",
...
For an extension use
{
// Required
"manifest_version": 2,
"name": "My Extension",
"version": "versionString",
// Recommended
"default_locale": "en",
"description": "A plain text description",
"icons": {...},
// Pick one (or none)
"browser_action": {...},
"page_action": {...},
...
I'm attempting to follow the documentation here to pass a variable from my background script, to my content script.
http://code.google.com/chrome/extensions/messaging.html
Manifest:
{
"name": "name",
"description": "desc",
"version": "1.0",
"manifest_version": 2,
"content_scripts": [
{
"matches": [ "http://*/*", "https://*/*" ],
"js": ["content.js"]
}
],
"background": {
"scripts": ["background.js"]
},
"permissions": [
"tabs",
"http://*/*",
"https://*/*"
],
"options_page": "options.html",
"browser_action":
{
"default_icon": "icon.png",
"default_title": "Settings",
"default_popup": "settingspanel.html"
}
}
background.js file:
chrome.extension.onConnect.addListener(function(port) {
port.onMessage.addListener(function(msg) {
port.postMessage({counter: msg.counter+1});
});
});
content.js
chrome.extension.onRequest.addListener(
function(request, sender, sendResponse) {
sendResponse({counter: request.counter+1});
});
I receive an error on the background script that says "Cannot read property 'onConnect' of undefined"
Probably your problem is Issue #131623: Reloading extension while developer tools are open breaks chrome object and js console.
Until the fix gets through you have to close the Developer Tools before reloading the extension.