Open chrome extension in html - javascript

I used this code to open chrome extension but not opened
<li class="bms-item">bms</li>

Web context cannot open chrome-extension:// or chrome:// links due to security restrictions. The idea is that simply opening the page may perform some action with higher privileges than the webpage.
As mentioned by wOxxOm in comments, you should use externally_connectable (assuming you control both the extension and the webpage). There's a handy guide in the documentation, but the schema is as follows:
You declare in your extension's manifest that your domain, https://example.com/, can call the extension.
From your webpage code, you check that chrome.runtime.sendMessage is available - that means an extension that is ready to listen is installed.
You then call chrome.runtime.sendMessage with the extension ID and the request to do something (i.e. open an extension page).
In the extension's background page, receive the message with chrome.runtime.onMessageExternal and do something, e.g. open the page with chrome.tabs API.
If you control the extension, but not the website, and you're adding the button from a content script, you should assign a handler that calls chrome.runtime.sendMessage and, again, handle it from the background page (which can open an extension page, unlike the content script). This time though it's going to be chrome.runtime.onMessage event.
Alternatively, declaring the page as web-accessible should help (untested).
If you don't control the extension, there's nothing you can do for the security reason above.

Related

In Creating Google Chrome Extensions, can we send message or any data from devtools.js to content script without opening the DevTools?

I'm building a chrome extension and that includes the following scenario in order to achieve my goal.
I want to send info from devtools.js to content script even the DevTools is close or not open. Is it possible?! Because in the documentation, devtools.html or any script attached to it are called or executed when the DevTools is opened.
How to access Console Tab, Network Tab and other tabs then pass the information to the content script?
Is there a way to achieve these two points?

Is it possible for a link in an email to open a Chrome extension?

Is it possible to create a link that the user clicks (say in an email) which opens a Chrome extension that's already installed?
Or, put it in another way, is it possible to develop a Chrome extension that handles how a link is shown (e.g. inside Gmail.com or other sites), that whenever the user clicks it, the extension shows up instead of the user being directed to a site?
I've come across articles talking about custom protocols:
Custom protocol handler in chrome
But what if the extension is not installed, how do you fall back to HTTP?
http://mywebsite.com/somevalue
This could easily be done with a webNavigation.onBeforeNavigate listener which listens for a specific URL. When the URL is encountered, it can cause a specific page within the extension to be opened instead.
Quickly prototyping this, the code could look something like (untested, may have errors):
chrome.webNavigation.onBeforeNavigate.addListener(function(details){
chrome.tabs.update(details.tabId,{url:chrome.runtime.getURL('/thePageIWant.html'});
},{url:[
{urlEquals:'http:/www.domain-for-my-extension.com/invokeMyExtension.html'}
]});
References:
chrome.webNavigation.onBeforeNavigate
chrome.tabs.update()
runtime.getURL()

Chrome extension and jQuery ajax query

So basicly I can't use variables that were created by website in my Chrome extension but can I make jQuery ajax query to this site? Like I found that site is using something like this
/ajax/groups/members/remove.php?group_id=111111111111&uid=1111111111
Can I do that with my extension that will contain jQuery.ajax code? Tbh I have never used jQuery.
Thanks in advance.
Let me clear some concepts for you:
1- Your chrome extension has a background page and it is completely different than the current tab that the user is viewing (you referred to it as website).
2- You can access tabs (including the current active tab) with chrome.tab API
https://developer.chrome.com/extensions/tabs
3- You can load jquery in your chrome extension background and you can send ajax requests with it. Also, you have to set required permissions for your chrome extension to be able to access outside domains.
4- If you send a ajax request with this path "/ajax/groups/members/remove.php?group_id=111111111111&uid=1111111111" in your chrome extension, it tried to load it from your localhost because your chrome extension loads from your localhost. Therefore, you have to write complete path such as "//www.mydomain.com/ajax/groups/members/remove.php?group_id=111111111111&uid=1111111111"

Security on postMessage to/from a Chrome Extension Content Script? Possible alternatives?

According to this article on MDN, using postMessage to pass messages to and from a content script in chrome is not secure because can't properly define a source property, and that it's targetOrigin is difficult to securely pass to a potentially malicious site. Is this still true. Are there any other ways to confirm the source of a received message, and to only send messages to a specific content script exclusively? Or are there any alternatives to using content scripts altogether?
The "chrome" in the article on MDN does not refer to "Google Chrome", but to extension code that runs with Chrome privileges (look here for other meanings of "chrome" in Firefox).
In Google Chrome / Chromium, content scripts run in a different environment than the web page (that means that window in the content script is different from window in the web page).
However, when you send a message from the content script to the page, event.source will be identical to the window of the page. So, to verify that the message was really sent from a (content) script within the same page, you could use if (event.source === window) { ... }.
If you want to send a message to another content script (in the same tab), then you have two options:
If the frames are located at different origins, or if the content scripts are located in different tabs, then you have to send a message to the background page, which in turn passes the message to the target content script using the Chrome extension message passing APIs.
If the communicating frames are located at the same origin, then their variables can directly be shared without using the message passing API. Refer to their window objects using top, parent, <HTMLIFrameElement>.contentWindow, frames[index], etc.
Another (hackish) way to get a message from the one content script to another is through the chrome.storage API. At the receiving end, bind a chrome.storage.onChanged event. To "send" a message, use chrome.storage.local.set. Don't forget to remove the key-value pair once you have (not) received the message.

How to check if Chrome extension has fully installed

Using Chrome Web Store inline installation ( https://developers.google.com/chrome/web-store/docs/inline_installation ) it is possible to specify a callback for chrome.webstore.install() that will be executed when the extension is successfully installed.
Through some very tedious debugging I've learned that extensions are not neccessarily 100% installed when the callback is executed - maybe the background hasn't been loaded or content scripts aren't yet available.
In my particular case the problem presents itself in this way:
User clicks install button with chrome.webstore.install() bound to onclick event.
Success callback injects an iFrame.
Content script is defined for the iFrame and injected to do some finishing work
Content script returns with a completed installation dialog.
Step 3 is the problem. Some times the iFrame will be injected before content script is fully loaded and thus no script will be injected (content scripts are only injected inside newly created iFrames, not iFrames already existing when the extension is installed/enabled).
I know there are possible workarounds such as having the extension itself inject the iFrame or a simple setTimeout(), but for the sake of helping others I think it's worth asking the question:
How can I be certain that the extension is 100% installed, when the chrome.webstore.install() callback doesn't ensure it?
Using the famous <img> load method described in Checking if user has a certain extension installed doesn't work reliably (for those thinking that'd be a solution).
This is the way to do it :
http://code.google.com/chrome/extensions/extension.html#global-events
As mentioned in the last link below , you should be able to do :
var myPort=chrome.extension.connect('yourextensionid_qwerqweroijwefoijwef', some_object_to_send_on_connect);
You can also check Checking if an item is already installed section in the next link :
https://developers.google.com/chrome/web-store/docs/inline_installation
or you can follow what have been done in this post:
Check whether user has a Chrome extension installed
I also saw solutions talking about background page and localstorage:
http://developer.chrome.com/extensions/background_pages.html
Chrome extension post-install hook/API function: does it exist?
You sure your content script's work needs to be done from the same page where the user installed the extension? If not, simply have your extension call chrome.tabs.update or chrome.tabs.create (two of the few tabs methods that don't require the tabs permission) to open a page where your content script can be injected.
Otherwise, your extension can use programmatic injection to inject a content script which can communicate with your page. You can use chrome.tabs.query to make sure you're injecting into the correct tab.

Categories

Resources