I have a custom piece of Javascript which I would like to run on every web page from specific domains, or perhaps simply on every web page.
(If you are wondering: it is not malicious. It allows to display formulas by using MathJax.)
Is that possible? I tried including it in userContent.css, that of course did not work.
A simple Greasemonkey script I tried did not insert it. Is it because of the security precautions? (Which would be very logical).
Still, there should be a way to do it on the machine I physically control, by changing something in Mozilla chrome directory, shouldn't it?
Anyway, how can I do this for myself?
Welcome to stackoverflow!
Greasemonkey should do what you want. If it's not working either it's not being applied to the correct domains, or the code contains some sort of bug! (I personally use grease monkey on stack overflow to make some changes to the answer area).
Try placing some alerts() within your code to ensure that your grease monkey script is executing as intended.
If this is your first GreaseMonkey script, I suggest running through the links "For Script Authors" on The GreaseMonkey Wiki.
Related
So, maybe I'm being paranoid.
I'm scraping my Facebook timeline for a hobby project using PhantomJS. Basically, I wrote a program that finds all of my ads by querying the page for the text Sponsored with XPATH inside of phantom's page.evaluate block. The text was being displayed as innerHTML of html a elements.
Things were working great for a few days and it was finding tons of ads.
Then it stopped returning any results.
When I logged into Facebook manually to inspect the elements again, I found that the word Sponsored was now appearing on the page in an ::after pseudoclass element with the css property content: sponsored. This means that an XPATH query for the text no longer yields any results. No joke, Facebook seemed to have changed the way they rendered this word after being scraped for a couple days.
Paranoid. I told you.
So, I offer this question to the community of Javascript, Web-Scraping, and PhantomJS developers out there. What the heck is going on. Can Facebook know what my PhantomJS program is doing inside of the page.evaluate block?
If so, how? Would my phantom commands appear in a key logger program embedded in the page, for instance?
What are some of your theories?
It is perfectly possible to detect PhantomJS even if the useragent is spoofed.
There are plenty of litte ways in which it differs from other browsers, among others:
Wrong order of headers
Lack of media plugins and latest JS capabilities
PhantomJS-specific methods, like window.callPhantom
PhantomJS name in the stack trace
and many others.
Please refer to this excellent article and presentation linked there for details: https://blog.shapesecurity.com/2015/01/22/detecting-phantomjs-based-visitors/
Maybe puppeteer would be a better fit for your needs as it is based on a real cutting-edge Chromium browser.
I'm reverse engineering on how JSBIN is running the JavaScript and outputting to Console. It seems that they are creating an IFRAME and put the code that user entered. Override 'console.' (ex console.log) to capture the output or something similar (still reading the code).
My question is why are they running in iframe instead of simply running the 'eval' method. I'm sure they must have good reason. Is it because of XSS attack? If so what prevents XSS from happening by running the code in iframe? Any help would be appreciated!
Is there any possibility to set the Internet Explorer settings by running Javascript file..?
I want to set the following settings in IE through javascript/Jquery
Go to, ‘Tools’ -> ’Internet options’.
Under ‘General’ tab, click the ‘Settings’ button in the ‘Browsing History’ section.
Choose the radio button "Every time I visit the webpage".
Click ‘OK’ and restart the IE.
This is not possible - it'd be a bit of a security hole if sites were able to do this...
Firstly, the short answer is no: You can't do what you're asking for.
Javascript within the browser is heavily restricted to only being able to access resources for the actual page being viewed. This is an important security feature.
You cannot access other pages or other tabs. You cannot access parts of the browser UI outside of the page itself. You cannot run external programs.
Even if you could, the way you've described it wouldn't work anyway: The settings page you've described is specific to one particular version of IE. So your hypothetical program wouldn't work in any other browser or even any other version of IE.
However, more importantly, you need to ask yourself why you're asking for this.
The thing is that you're trying to solve a problem with your site. You've found something that resolves it, and you've asked a question about how to automate that. But you need to work backward a bit -- stop trying to work out how to automate this particular solution: you need to ask yourself whether there might be a different way of solving the original problem, which could be automated.
The fact is this: the config setting you're trying to change is for handling how the browser deals with caching of files. There are ways of changing the behaviour of caching that can be scripted by your site. You might want to look at questions like this one for example.
The lesson here is this: Don't simply ask how to do something; explain why you're trying to do it as well. There might be an alternative solution that's better than the one you've thought of.
No, it's not possible to do using JavaScript.
This is not what Javascript designed to do. There is only a way to read browser setting from JS - using signed scripts.
i want to create an addon for firefox, that should check every JavaScript on a loading page. And if there is a Code, which is not allowed it should be blocked or modiefied (it is a part of XSS Protection).
But i don't know, how to implement this.
I tried to create an http-on-modify-request observer and so i have an access to the scripts. But how can i modify them before Firefox execute it?
My second trial was to create an addon like the Flashblock addon.
So i made a CSS-file and bind the script tags to a xml-file.
In the xml file i create a placeholder and replace the javascript.
When i start a page and look into DOM-Inspector it works fine... there are div-tags instead of javascript tags.
The Problem is, that Firefox still executed the original javascripts and so my trial failed.
Have anybody some tips for me?
ps: sry, for my english, but english is not my native language
I think you're looking for nsITraceableChannel:
http://www.softwareishard.com/blog/firebug/nsitraceablechannel-intercept-http-traffic/
I've got a little problem with UserScripts in Google Chrome, to be precise with getting to the object window of an iframe. Very doable via the Google Chrome console, very impossible via the UserScript or so it seems so far. To be honest it seems as if it was on purpose, as if there was some reason why I'm not allowed to access other window objects.
document.body.innerHTML += "<iframe name='iframe'></iframe>";
console.log(top.frames.iframe);
console.log(window.frames.iframe);
console.log(unsafeWindow.frames.iframe);
console.log(document.getElementsByName('iframe')[0].contentWindow);
console.log(document.getElementsByName('iframe')[0].contentDocument.defaultView);
-->
chrome-extension://eelclpmekkanegjojjmaldeddncficoj/script.js:14 undefined
chrome-extension://eelclpmekkanegjojjmaldeddncficoj/script.js:15 undefined
chrome-extension://eelclpmekkanegjojjmaldeddncficoj/script.js:16 undefined
chrome-extension://eelclpmekkanegjojjmaldeddncficoj/script.js:17 undefined
chrome-extension://eelclpmekkanegjojjmaldeddncficoj/script.js:18 undefined
Might I ask what Chrome's problem is? I don't really get why should a UserScript have lesser access to javascript than a normal script, what are the implications? By the way, yes, the iframe is on the same domain and protocol. :(
UnsafeWindow isn't support by Chrome, try TamperMonkey, pretty sure it provides read-only access to that variable.
contentWindow.document isn't available for Chrome. contentDocument should work.
Also, XMLHttpRequest for cross domains also aren't supported. Most of these are for security purposes. Userscripts in Chrome are content scripts, they cannot access the functions/variables defined by web pages or by other content scripts. It's mostly for security and isolation of scripts, to prevent scripts from conflicting with each other.
As for document.getElementsByName('iframe')[0].contentWindow, I think it's because the way you're trying to add in your iframe. For starters, don't name your iframe as 'iframe', always a very bad practice.
Instead to attempting to add it into the body's innerHTML, use appendChild(), and append a new iframe object into document.body. Also, instead of document.getElementsByName, try document.body.getElementsByName.
I write greasemonkey scripts for firefox, and Chrome seems too restrictive. And I hope you know about the location hack for userscripts. Check out http://wiki.greasespot.net/Location_hack . You can use Javascript in your userscripts ;) And just to let you know right now, I would VERY much warn against messing with iframes and userscripts. I've wrote a script for Greasemonkey, been trying for 6 months, but somehow, when I involve code inside the iframe, half of the time, that result is undefined, and I never get into that problem with javascript. Also, if you inject .js script objects into a document from a userscripts, the new code is still somehow affected, and so how, randomly, elements show up as undefined. After 6 months of trying, I gave up, and I just have a bookmarklet just injects a .js script into documents manually. Of course, you don't have to do that, you can just use a location hack to inject the code from a userscript. But as for writing entire scripts based on userscripts for iframes, I'm staying far far away...