I am trying to implement a Chrome Browser Extension.
The Extension should take the web content (HTML + Javascript Code) of any user-requested Website
and should firstly block that content from displaying. Also, no Javascript Code should be executed at this point.
The Extension should then send the entire web content to my Python Flask Web Application and wait for a response. Based on the Response of my Web Application, the Web Content should either be allowed and normally displayed and executed or be disallowed while loading a premade disallow.html file.
I know how to implement the Python Web Application, and no further discussion of the logic inside that application is needed for answering this question. The part which I'm not sure about yet is blocking content and allowing or disallowing it based on the decision of my application.
Any help would be highly appreciated
Related
I'm working on an html file in a google apps script project right now and I want it to be able to retrieve the html content of a web page, extract a snippet, and paste the snippet to the page. I've tried using fetch() and a couple of its options (mostly CORS), but I either get nothing back or an error that says "No 'Access-Control-Allow-Origin' header is present on the requested resource." A workaround I found was using google.script.run.withSuccessHandler() to return the html content via UrlFetchApp.fetch(url).getContentText(). The problem with this is that it is time consuming and I want to try and optimize it as much as possible. Does anyone have any suggestions on how to make this work or will I be forced to stick with my workaround?
Using "Vanilla JavaScript" in a Google Apps Script web application might not work to
retrieve the html content of a web page, extract a snippet, and paste the snippet to the page.
The above because the client-side code of Google Apps Script web applications is embedded in an iframe tag that can't be modified from server-side code. In other words, Google Apps Script is not universally suitable web development platform. One alternative is to use another platform to create your web application, i.e. GitHub Pages, Firebase, etc.
Related
Where is my iframe in the published web application/sidebar?
I am requesting a web page with wifi using ESP 8266.
When this page is loading will the javascript on this page be activated?
Should I expect the 'document.ready' to be fired?
Thanks in advance for any info and/or supporting push to get my quest for an answer in the right direction.
I am requesting a web page with wifi using ESP 8266
The hardware you use is more-or-less irrelevant.
When this page is loading will the javascript on this page be activated?
That depends on the software you are making the request with. It would have to be something that ran JavaScript for the JS to run.
(e.g. if you were using Google Chrome, then the JS probably would run but if you were just using cURL then it would not).
Speculation: You are making the HTTP request with a C++ HTTP library and not a web browser. You won't have any JS support.
I am working on a Chrome extension that will add content to a particular set of pages. From my research, it sounds like what I want is a content script that will execute for the appropriate pages. I can specify the "appropriate pages" using the content_script.matches manifest.json field.
However, the problem I'm running into is that content scripts run in an isolated world, separate from the rest of your extension.
How I had envisioned my extension was a set of UI pages that would be embedded on the appropriate pages by the content script. The background page would contain the code for build the content of the UI pages. The background page, and by extension, the UI pages, would need access to the various Chrome APIs (e.g., local storage), as well as being able to make cross-domain requests to retrieve their data. However, it seems this is not possible, since the content scripts run in an isolated world, and don't have access to the Chrome APIs that I need.
Message passing allows a content script to send and receive data from the background page, but doesn't allow you to take a UI page and embed it on the current webpage.
I initially thought I was making some headway on this when I was able to make a jQuery AJAX request from my content script for an UI page, but that only gets me the HTML file itself. My UI pages depend on code to programmatically build the content--it's not just a static HTML page. And that "build the page" JavaScript code depends on Chrome APIs that are not available to the content script. So, if I just tried to make all my UI pages and JavaScript resources web_accessible_resources, I could inject them into the page but they wouldn't be able to run.
Which brings me to my question: how can a content script pull down, or embed, UI pages that can invoke code in the background page?
Tldr: you need to read about sending messages between content/background. Its in the docs and many samples.
From what I've been able to find, the architecture I was hoping for (as outlined in my question) is not possible in a Chrome Extension. Chrome's security model requires a different approach. Here's what worked for me.
Make your templates, JavaScript files, and anything that's part of your UI, web_accessible_resources.
Use your content script to load these resources and display them to the user at the appropriate times/locations.
(Almost) any calls to chrome.* API need to be done through your background page or event page. In my case, the "background page" is strictly JavaScript, there's no HTML.
Your content script, and UI, can send messages to your background/event page(s).
This model is not unlike the traditional client/server architecture of a web app. The "background page" is like your server, and your content script can send "messages" (think HTTP request) to the "background page" just like it might send a request to your server.
The background page, just like the server, has access to resources that the content script does not, e.g., the background page can use more of the chrome APIs.
This mental analogy helped me to "redesign" my app in a way that (so far) is working within the Chrome Extension security model. I had originally been thinking more along the lines of a traditional desktop app, where the entire app can do things like make cross domain requests or write to the file system. Chrome Extensions and Apps don't work this way, however.
I am developing a firefox addon(using Add-on Builder), which compares the requested webpage content with suspicious webpage content and block the webpage(if it matches).
But i am not getting the blocking a requested webpage (expecting, before full loading) in browser through my addon code.
some solutions, like GoogleSafeBrowsing (not an addon), blocking the webpage and displaying the malware domain names and etc. how it is possible to display the suspicious content before loading webpage and blocking the webpage from loading.
i need a mechanism (with addon or without addon). any help.......
Thanks,
update:
i need this mechanism programitically in javascript (like, if(match){window.close()}.....like that)
You should look at using a lower level Firefox api called nsiContentPolicy - it is possible to use this with the SDK as detailed in this blog post:
http://lduros.net/posts/blocking-images-and-other-content-mozila-add-sdk-and-nsicontentpolicy/
I have seen this excellent firefox extension, Screengrab!. It takes a "picture" of the web page and copies it to the clipboard or saves it to a png file. I need to do so, but with a new web page, from an url I have in javascript. I can open the web page in a new window, but then I have to call the extension -not to press the control- and saves the page once the page is fully loaded.
Is it possible?
I am pretty certain that it is not possible to access any Firefox add-on through web page content. This could create privacy and/or security issues within the Firefox browser (as the user has never given you permission to access such content on their machine). For this reason, I believe Firefox add-ons run in an entirely different JavaScript context, thereby making this entirely impossible.
However, as Dmitriy's answer states, there are server-side workarounds that can be performed.
Does not look like ScreenGrab has any javascript API.
There is a PHP solution for Saving Web Page as Image.
If you need to do it from JavaScript (from client side) - you can:
Step 1: Create a PHP server app that does the trick (see the link), and that accepts JSONP call.
Step 2: Create a client side page (JavaScript) that will send a JSONP request to that PHP script. See my answer here, that will help you to create such request.