Inject javascript at the very top of the page \ Anti iframe-buster

I'm developing an extension that, sometimes, will show some websites inside iframes. I've already bypassed the X-FRAME-OPTIONS issue but now I'm stuck with the simple iframe buster code, e.g.:

if (top != self) {
   document.getElementsByTagName("html")[0].style.display = "none";
   top.location.replace(location);
}

I'm trying to inject javascript at the very top of the page to override the window.top object, but at document_start is already too late to inject it, i.e. alert() is never called before the buster script runs:

chrome.webRequest.onCompleted.addListener(function(details) {
    if (isEnabled) {
        chrome.tabs.executeScript(details.tabId, {frameId: details.frameId, runAt: "document_start", code: "alert('asas');"});
    }
}, {
    types: ["sub_frame"],
    urls: ["<all_urls>"]
});

Is there any way around this?

Thank you

The problem is probably caused by chrome.webRequest.onCompleted.addListener listener being asynchronous

document_start injects code before any DOM is created, so that is not the cause of your problem. I have verified this while playing around and trying to answer this question.

The problem here is that chrome.webRequest.onCompleted.addListener is asynchronous, which means that when the callback (and therefore your chrome.tabs.executeScript) is executed, the browser has already started constructing the DOM.

You can start by injecting the script to all relevant iframes directly using the "content_scripts" in manifest.json instead of using programmatic injection. I haven't verified this, but you could also try injecting the script from a chrome.webRequest.onHeadersReceived listener with the "blocking" option, which allows you to handle the request synchronously. You are probably already listening to onHeadersReceived in order to remove the X-Frame-Options header anyway.


Edit:

Programmatic injection in a blocking onHeadersReceived listener is not possible. Chrome returns an error about lack of permissions - probably because the URL is not known at this point yet (the headers could cause a redirect).
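
The declarative injection suggested in the answer above could look like the following manifest.json, written for Manifest V2 to match the chrome.tabs.executeScript API used in the question. This is an added example, not code from the original post: the extension name, the script file name frame_start.js and the match pattern https://example.com/* are placeholders, and "matches" should list only the sites the extension actually frames rather than every URL.

```json
{
  "manifest_version": 2,
  "name": "Frame viewer (example)",
  "version": "1.0",
  "content_scripts": [
    {
      "matches": ["https://example.com/*"],
      "js": ["frame_start.js"],
      "run_at": "document_start",
      "all_frames": true
    }
  ]
}
```

With "all_frames" set to true the script is injected into sub-frames as well as the top-level document, and with "run_at" set to "document_start" Chrome runs it before any other DOM is constructed or any other script is run, with no dependency on the timing of an asynchronous webRequest callback.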
