I've a chrome extension that sends a message from the content script to the background page and logs the tab_id of the content script.
I noticed that on google.com|de|at two messages are logged thus two content scripts are created: one for the actual web page shown in the tab (e.g. https://www.google.com/search?q=python+standard+library ) and another content script for the first item in the google result list ( in the above example http://docs.python.org/library/ )
Even stranger - the tab_id of the second content script (the hidden one) is not valid. I.e. chrome.pageAction.hide(tab_id) causes the following error to appear:
Error during pageAction.hide: No tab with id: 71
Is there a way to figure out if a content script belongs to a "hidden" tab?
thanks,
Peter
First of all, you can use onCreated and/or onUpdated to keep track of tabs and url mappings without the need for a content script.
However, if there's more to your content script than just informing the background page of the tab id, it may mean more checking.
If your content script is run on all_frames, then you will be getting messages from the content script in the top window and all internal frames. Still, when I test a sample implementation, I get the same IDs for all of them. Also, none of them appear to be from entries in the search result list.
If you are running the script in all tabs, you can ensure that only the top window sends the message by wrapping your sendRequest call with an if (window.top === window).
Could it be possible that you have another extension running that previews google results somehow? That may have this effect....
Related
Right now I developing a product based on Chromium extension which monitors user actions by taking screenshots on several DOM events, such as mouse "click". I using chrome.tabs.captureVisibleTab API for doing that.
The problem: if user makes a click on tab "A" content and then very fast choosing another tab "B" - captureVisibleTab takes screenshot of currently visible tab "B" (instead of tab "A", where action happened).
This is because it take some time while "click" message passing from content script to background (asynchronously) and screenshot taken (also asynchronously) and during that time another tab already activated.
One possible solution I had been thinking is instead of using "captureVisibleTab" - use some another capture API which takes tab id as an argument - but I cannot find such API.
Any ideas?
I've got a web application in which there are several XSS vulnerabilities on it, on the Profile Page for example there is a text box which is vulnerable to XSS along with the Messages Page. They both have text boxes yet when I add some XSS into the Profile Page, the pop up also comes up in the messages section and I can't figure out why. I've attached some screenshots for more information. If anyone can explain why this does this, I'd be very grateful.
The below Links are for visuals of the application
These are the source code images/files
Profile Page Source Code:
https://drive.google.com/file/d/1fA_Zoa7z4fdhBBzW2-e3Wm-fWF1qwXw7/view?usp=sharing
Message Page Code:
https://drive.google.com/file/d/1YApsri_3YSmUwlRfyajcebgpe26L37TZ/view?usp=sharing
You are inserting the saved data from this text box onto the messages.php page. If you right-click and inspect the "testtest" text, you'll notice a script was also added in there (the one you added earlier). By saving this server-side it allows it to be run each time the client loads the page because the browser still reads it as code to be ran. It should not - it should view it as text.
You'll notice that the first word in the background "test" is written, and the script has appeared. This is a blocking script, meaning no further code will be ran until you click the OK button in the dialog allowing the code to continue rendering the rest of the content on the page; hence why the second "test" word waits until you click okay before rendering the rest of the page.
Please let me know if I've missed anything out. Hope this helps
I'm writing a chrome extension and have a question.
My extension has some .html page in it, let it be 'popup.html'. I inject a content script into some page and this script opens a 'popup.html' in a new tab with something like 'var p = window.open(chrome.extension.getURL('/popup.html'), "popup")', which works perfectly. Next, I need to pass some data to this window and I can't figure how to do it in a simple way.
For some reason I can't call child window's function from a content script with
var p = window.open(chrome.extension.getURL('/popup.html'), "popup");
p.foo(data);
In the console I see Uncaught TypeError: Cannot call method 'foo' of undefined message.
I can't pass data in a query string, because the data is simply too big.
Is there an elegant and simple way to pass data to such kind of window? I thought about messaging, but how do I effectively get tab ID of a newly opened window w/out using a background page?
Thanks a lot in advance.
UPD:
I tried to inverse the logic and get a data from parent window with 'window.opener.foo()' but in a newly opened tab window.opener returns null.
Ok, I found two solutions to my problem.
1) Add a background page, which opens a popup with chrome.tabs.create(). Then send a message from a content script to a background page, which re-sends it to a corresponding tab via chrome.tabs.sendMessage(). It looks a little ugly, but works.
2) A better one, w/out background page. Extension (popup) page creates a listener for long-lived connection. Then content script sends a message to this connection. A problem here is that a listener is not created right after the page is opened, so there should be a mechanism for a content script to wait until popup is loaded. It can be a simple setTimeout or a notification from popup via same long-lived connection.
If anyone has a better solution I'd gladly check it out as well.
I created a Chrome extension that adds links to items (things your friends share with you) on your facebook feed. Facebook loads about 10 or 20 items on the feed on page load, and then the rest are loaded via ajax when you scroll down.
I managed to get my content script to work for the first items, but not for the rest. I've read everything i could find, and it seems that I have to reload my content script.
How can i do that considering that the URL does not change?
You can use document.addEventListener with the DOMNodeInserted event to listen for new items getting rendered in the feed. The callback will have to check each node insertion to see if it is a feed item or not. Something like the following should work.
function nodeInsertedCallback(event) { console.log(event); });
document.addEventListener('DOMNodeInserted', nodeInsertedCallback);
Well, you can hang some time driven listener that runs every XX seconds, to verify if there's new items to work with.
Unfortunately there's no event you can hang from, fired when the page's code do some Ajax.
May be you can figure out what evet you can han from to detect the user has reached the end of the loaded item's list, knowing that de page's code will do some Ajax to retrieve more items. Then you start you time driven listenter.
I am currently have this message handler line:
MESSAGE_HANDLER(`WM_SETREDRAW`, onSetRedraw)
I would like to know, is there any window message (eg: WM_???) that is connected/related to 'when a website has finish loading inside IE' ?
So I can use it to replace the above WM_SETREDRAW. I want to do something like, when the IE finish loaded a website, it call onSetRedraw.
If no one answers, go Gogoling for an application "spy" tool, which will tell you which messages your program receives. Make a one line app which one launches the browser and spy on that.
Alternatively, what API are you using to launch the browser? Look at it's return value.
Btw, I strongly suspect that you will only get a message when the browser is launched, not every time it loads a new page (or even the first page).
You may not be able to do what you want very easily. A possibility might be to search for the window by title bar, get it's handle, walk its control list until you get to the status bar and check its text in a loop until it is done.
A further possibility, if this is only for yourself, woudl be to get an open source browser which uses the MSIE rendering engine and make a one line change at "the right place in the code" to send a message to your app every time a new page is loaded.