I have a personal SPA running Vue, which uses a library (lets call it foo). foo download a javascript file called bar.js and then execute it. Everything works as expected, but in bar.js there is an https call (https://fixed-domain/fixed-param) which slows down my SPA significantly. I've tested with uBlock Origin extension that simply blocking the call would solve my problem.
So, is there a way to block that https call from my Vue app? I've try reading the source code of uBlock but it is too complicated for me to re-implement it.
Related
I am developing a Chrome extension that absolutely always needs to run with the newest code.
Now, this is a problem that I am not quite sure how to solve while not going for eval() alike functionality.
I designed it to fetch the newest script from server over HTTPS, then execute it using new Function()
It's absolutely most important to have extension run using newest code for every user and updates managed by Google don't solve that problem cause they are usually delayed or require user to update it manually.
CSP only allows for scripts executed from domain specified by me, but I am also using unsafe-eval although I can encode these scripts using hash for more security.
Scripts require access to page DOM and chrome.* API. I can't just specify them as script src in popup, because that's not the point.
Are there better solutions to this problem?
The relevant line of the Google script is:
(window,document,'script','//www.google-analytics.com/analytics.js','ga');
I am running this particular file locally (as in, I double-click "index.html" on Windows Explorer and it opens in Chrome.
After about a minute of trying to load this file it fails with net::ERR_FILE_NOT_FOUND reported in the Developer Console.
I understand why this is happening, it is trying to load this as a local file. If I do this it works just fine:
(window,document,'script','www.google-analytics.com/analytics.js','ga');
In other words, I eliminated the //. This would work just as well:
(window,document,'script','http://www.google-analytics.com/analytics.js','ga');
Is going explicitly doing it this way to only track real websites?
If so, how are you dealing with this issue for local development?
I do run a VM with Ubuntu server for local development of more elaborate sites. In this case I was working on a single file landing page that I knocked out quickly and wanted to just test just as easily but ran into the browser hanging waiting for analytics.js
Is it safe to remove the // or add http: in general terms. I don't generally like to modify Google code unless I fully understand why they are doing things in a specific way and what the consequences of my actions might be.
Instead of viewing the file locally, run it through a local webserver. Two easy options are
XAMPP: http://portableapps.com/apps/development/xampp
Uniform Server: http://www.uniformserver.com/
Both require no installation. If you have Visual Studio or WebMatrix, you can also run it through Cassini or IISExpress.
It can be that you are using a VPN(Virtual private network) which analytics blocks. Try loading https://www.google-analytics.com/analytics.js
If id does not work try disabling the VPN and try again.
Or as someone else mentioned it could be that your AdBlock is blocking it.
I'm currently having an issue with an extension I'm developing using the Firefox Add-on SDK. For some basic context, the extension executes content scripts using the page-mod api in the sdk. On each of the content scripts some additional javascript is injected into the page itself (we'll call them page scripts). In order to do some complex tasks, the javascript injected into the page can communicate with the content script and which will then in turn make requests to the background process of the extension. Due to the complexity of the extension, when it is auto-updated, it is possible to get into a state where multiple page-scripts running the same code are running on the given content-script.
What I'm wondering is if it's possible for extensions built using the Add-on SDK can be forced to update itself only upon restart. This would mean that the extension won't get reloaded even if the auto-update occurs until a user restarts their Firefox Browser.
If this is not possible, any other solutions would be great.
Though I agree with #Noitidart's comment, you can choose to inject your content scripts from main.js only on restart like so:
const { loadReason } = require('sdk/self');
if (loadReason==='startup') {
//Inject the scripts
}
You'll have to make sure that your old version's content scripts can communicate with the new background scripts without breaking, which will be a pain to test. See here for the other load reasons.
I'm new to phantomJs. I've installed phantomjs in my system(Ubuntu) and executed a sample code "test.js" in terminal like,
test.js:
console.log("WELCOME TO PHANTOMJS");
phantom.exit();
In terminal
phantomjs test.js
its executed fine shows expected output.
NOw my question is, Is there any possibilites to execute above js file in a browser by importing that js file in a html file like,
<script src="test.js".....></script>
If is it possible means how to do?? Please help me.
Short Version
You can't
Detailed Version
In its current state, PhantomJS is a standalone process and needs to have the full control (in a synchronous matter) over everything: event loop, network stack, and JavaScript execution, ... yes you write scripts in Javascript but it's simply because it exposes a JavaScript API (also for coffee script).
"How to execute a nodejs module in browser?" It's pretty the same problem and you simply can't because of phantomjs/nodejs dependencies : what is webpage module in your favorite the browser ? But it's still possibe to share pure JS library.
So, you can't directly reference a phantomjs script in your browser, but you can communicate with a PhantomJS instance using HTTP GET/POST with Web Server module. HEre is a topic onInter Process Communication found on the Wiki.
I'm trying to execute a function like window.alert for example, from actionscript, when both the html file and the swf file are using the file: protocol.
Does anyone know of someway to do this?
without changing global flash security settings
It looks like it's not possible after reading Controlling access to scripts in a host web page.
For SWF files running locally, calls to these APIs are successful only if the SWF file and the containing web page (if there is one) are in the local-trusted security sandbox. Calls to these methods fail if the content is in the local-with-networking or local-with-filesystem sandbox.
Then this page on local sandboxes basically says that won't work unless the swf is in a "local-trusted sandbox" which a user or installer would need to put it in.
This blog post about the "local-with-filesystem sandbox" says:
First, I think the documentation here is a bit too generous. SWFs loaded from the local file system do face some restrictions. The most relevant restrictions are probably:
The SWF cannot make a call to JavaScript (or vbscript), either through URL or ExternalInterface
The SWF cannot call a HTTP or HTTPS request.
Querystring parameters (ex. Blah.php?querystring=qs-value) are stripped and will not be passed (even for requests to local files)
There is a document "Controlling access to scripts in a host web page" that describes the various ways and restrictions on allowing Flash content to interact with Javascript.
According to the doc, as long as your embed tag contains AllowScriptAccess set to "always" you should be fine regardless of where the page is loaded from.
You need to update the Flash Player settings so that your file path is listed as a "trusted location." You will then be able to use External Interface and other JS communication methods.
Also, you can't pass default JS functions from AS using External Interface (like alert). You need to write custom functions...
ActionScript:
import flash.external.ExternalInterface;
ExternalInterface.call("alertFromFlash", 'hello');
JavaScript:
function alertFromFlash(str) {
alert(str);
}
Alternatively, if you're distributing this to a customer. It can be difficult to explain how to change Flash Player settings, so you can instead run a server from a CD, which bypassing the need for security settings. I've had good luck with the Flying Ant server in the past.