[英]Inject javascript at the very top of the page \ Anti iframe-buster
I'm developing an extension that, sometimes, will show some websites inside iframes. 我正在开发一个扩展程序,有时会在iframe中显示一些网站。 I've already bypassed the X-FRAME-OPTIONS issue but now I'm stuck with the simple iframe buster code, eg.:
我已经绕过了X-FRAME-OPTIONS的问题,但是现在,我只能使用简单的 iframe克星代码,例如:
if (top != self) {
document.getElementsByTagName("html")[0].style.display = "none";
top.location.replace(location);
}
I'm trying to inject javascript at the very top of the page to override the window.top object, but at document_start
is already too late to inject it, ie alert()
is never called before the buster script runs: 我试图在页面的顶部注入javascript以覆盖window.top对象,但是在
document_start
已经太晚了,无法注入它,即,在破坏者脚本运行之前从未调用过alert()
:
chrome.webRequest.onCompleted.addListener(function(details) {
if (isEnabled) {
chrome.tabs.executeScript(details.tabId, {frameId: details.frameId, runAt: "document_start", code: "alert('asas');"});
}
}, {
types: ["sub_frame"],
urls: ["<all_urls>"]
});
Is there any way around this? 有没有办法解决?
Thank you 谢谢
The problem is probably caused by chrome.webRequest.onCompleted.addListener
listener being asynchronous 该问题可能是由于
chrome.webRequest.onCompleted.addListener
侦听器异步导致的
document_start
injects code before any DOM is created , so that is not the cause of your problem. document_start
在创建任何DOM之前注入代码,因此这不是造成问题的原因。 I have verified this while playing around and trying to answer this question . 我在玩耍并尝试回答此问题时已对此进行了验证。
The problem here is that chrome.webRequest.onCompleted.addListener
is asynchronous, which means that when the callback (and therefor your chrome.tabs.executeScript
) is executed, the browser has already started constructing the DOM. 这里的问题是
chrome.webRequest.onCompleted.addListener
是异步的,这意味着当执行回调(并因此执行chrome.tabs.executeScript
)时,浏览器已经开始构建DOM。
You can start by injecting the script to all relevant iframes directly using the "content_scripts"
in manifest.json
instead of using programmatic injection. 您可以先使用
manifest.json
的"content_scripts"
直接将脚本注入所有相关的iframe,而不要使用程序注入。 I haven't verified this, but
you could also try injecting the script from a
. chrome.webRequest.onHeadersReceived
listener with the
"blocking"
option, which allows you to handle the request synchronously
我尚未对此进行验证,但是
您也可以尝试使用
。 You are probably already listening to chrome.webRequest.onHeadersReceived
监听器中的
"blocking"
选项注入脚本,该选项可让您同步处理请求
onHeadersReceived
in order to remove the X-Frame-Options
header anyway. onHeadersReceived
,您可能已经在监听onHeadersReceived
以便删除X-Frame-Options
标头。
Edit: 编辑:
Programmatic injection in a blocking onHeadersReceived
listener is not possible. 无法在阻塞的
onHeadersReceived
侦听器中进行程序注入。 Chrome returns an error about lack of permissions - probably because the URL is not known at this point yet (the headers could cause a redirect). Chrome会返回有关权限不足的错误-可能是因为目前尚不知道该网址(标头可能会导致重定向)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.