I have two chrome extensions - A and B.
I want extension A and extension B to see and modify the same variable var.
How one can achieve that?
PS.
May be irrelevant, but in this specific case, I want var to be a Web Worker. I want n number of extensions to be able to utilize single instance of .wasm Web Worker.
Related
Good afternoon!
We're looking to get a javascript variable from a webpage, that we are usually able to retrieve typing app in the Chrome DevTools.
However, we're looking to realize this headlessly as it has to be performed on numerous apps.
Our ideas :
Using a Puppeteer instance to go on the page, type the command and return the variable, which works, but it's very ressource consuming.
Using a GET/POST request to the page trying to inject the JS command, but we didn't succeed.
We're then wondering if there will be an easier solution, as a special API that could extract the variable?
The goal would be to automate this process with no human interaction.
Thanks for your help!
Your question is not so much about a JS API (since the webpage is not yours to edit, you can only request it) as it is about webcrawling / browser automation.
You have to add details to get a definitive answer, but I see two scenarios:
the website actively checks for evidence of human browsing (for example, it sits behind CloudFlare and has requested this option); or the scripts depend heavily on there being a browser execution environment available. In this case, the simplest option is to automate a browser, because a headless option has to get many things right to fool the server or the scripts. I would use karate, which is easier than, say, selenium and can execute in-browser scripts. It is written in Java, but you can execute it externally and just read its reports.
the website does not check for such evidence and the scripts do not really require a browser execution environment. Then you can simply download everything requires locally and attempt to jury-rig the JS into executing in any JS environment. According to your post, this fails; but it is impossible to help unless you can describe how it fails. This option can be headless.
You can embed Chrome into your application and instrument it. It will be headless.
We've used this approach in the past to copy content from PowerPoint Online.
We were using .NET to do this and therefore used CEFSharp.
I'm working on an application where I have multiple webworkers running together. These webworkers are developed by third parties, and are not trusted. They provide postmessage APIs to each other.
I would like to enable the webworkers to have safe access to local storage. IndexedDB is the standard choice, however I need to ensure that a malicious webworker cannot interfere with the data of another webworker.
My original idea was that I could 'domain' each webworker somehow. Each one gets access to its own piece of IndexedDB, and cannot see the storage put in other pieces by other webworkers. At the moment, I do not believe this is possible since I need the workers to exist together in one iframe.
My next idea was to have a single, trusted webworker that has IndexedDB access, and set up sandbox rules for all of the other webworkers such that they can't use IndexedDB at all, but instead must communicate with the API of the trusted webworker to store and retrieve local data. My current understanding is that I can get this to work if I use two iframes, where the first iframe has access to IndexedDB and runs the trusted webworker, and the second iframe is in a different domain where non-malicious webworkers know not to use the storage.
I am not a huge fan of the two iframe solution - it's complex, has performance overheads, and requires webworker devs to know they can't safely use localstorage even though they actually have access - and I'm looking for a better way to sandbox specific webworkers away from indexeddb.
I'm writing an odd kind of webapp that is designed to communicate with other sites loaded into the browser. This is fairly trivial to do via MessageChannels. Now, these applications must access protected resources and must get authorization from the user. Using something that would allow these other applications to communicate with a server (such as OAuth) is not an option since there is no server: Support for P2P and E2EE connections is required. One idea I had for limiting access was to use Symbols: For example, if a message is sent that references a resource, it may contain the Symbol for that resource. Then, if the other application wants that resource, it can retrieve it by using that Symbol.
The problem is that I'm not sure this is secure. Is there any way to deliberately create a Symbol that is not unique? If so, this could potentially be used as an attack vector in my webapp: A malicious "client" application could just keep guessing Symbols until it finds one that corresponds to something useful.
Also, if there's a better way of doing this or you see any other issues with it, feel free to let me know ;)
EDIT: To clarify: Application A creates a Symbol to give to Application B. With this Symbol, Application B can access certain resources (files, objects, etc.) which are sent back to it. Is there any way for Application C to get access to a Symbol that is equivalent to the one given to Application B without actually being given the Symbol from either Application A or B?
EDIT: Confirmed that Symbols can, in no way, be transferred across MessageChannels. So there's little point to the question...
Symbols cannot be transferred through MessageChannels. Tested in Firefox.
I am about to use Storage.setItem() in one of my Angular project but wanted to check how does browser handle the scenario when two separate web apps try to set the storage with the same key.
Does the previous value get overridden?
Or does the browser have a way to seperate out storage for each individual web-application
localStorage is set on a per domain basis. So keys won't clash if they are on different web applications in my opinion.
See In HTML5, is the localStorage object isolated per page/domain?
I am in the process of translating my Chrome extension into a Firefox extension. I am having a problem though.
My extension requires stored data for the extension to be loaded in the content script as well as in the popup page. I have no problem with this in my Chrome extension. I just use chrome.storage to pass and retrieve storage and I can use that both in my content and popup scripts with ease.
With Firefox, I'm having a having a hard time figuring out exactly what I have to do different. I got that I can't use chrome.storage and rather use the
const storage = require("sdk/simple-storage").storage;
thing, but I need to use this in both the content script and the script for the popup page. I researched and found I can't use the require function more than once, so my question is, would I be able to share the variable between the popup script and the content script? I need the storage from both sides and there isn't any other way I can see to make the extension work.
Thanks.
You use message-passing to have the content script the main addon communicate with each other.
Two possible approaches:
send down the data in advance if it's not too large / doesn't affect too many tabs and also push down updates as they happen. this provides superior read latency at the potential cost of increased memory footprint and increased cost of writes.
request individual data items on demand. this is better for frequently-written or large items of data but comes at the cost of higher latency per request.
You also might want to look at webextensions. storage in content is not yet supported there either, but it probably will be in the future.