Userscript open a client side generated page - javascript

I'm writing a userscript which will generate a web page client side and open to view it.
What I want:
Open a page with specified content generated by the userscript
It should work on recently Firefox with Violentmonkey
What I'm trying:
convert generated page to data: or blob: url and then open it by window.open / GM_openInTab.
What is wrong:
window.open(myUrl):
Adblock Plus with EasyList dislike this. It will close pages with data: or blob: url automatically.
GM_openInTab(myUrl) aka chrome.tabs.create({ url: myUrl }):
Firefox disallow it at all. Trying to open a tab with data: or blob: url will simply do nothing.
Notes: Userscript is a page script (injected script) from extension. Userscript host (like Violentmonkey) will post message to backend script and call web extension api with backend script.
I don't want use a server for this issue, since I don't want anyone collect user info from the network request.
So, What should I do now?

Related

Manifest V3 web extension overwrite response body

How would I overwrite the response body for an image with a dynamic value in a Manifest V3 Chrome extension?
This overwrite would happen in the background, as per the Firefox example, (see below) meaning no attaching debuggers or requiring users to press a button every time the page loads to modify the response.
I'm creating a web extension that would store an image in the extension's IndexedDB storage and then override the response body with that image on requests to a certain image. A redirect to a dataurl: I have it working in a Manifest V2 extension in Firefox via the browser.webRequest.onBeforeRequest api with the following code, but browser.webRequest and MV2 are depreciated in Chrome. In MV3, browser.webRequest was replaced with browser.declarativeNetRequest, but it doesn't have the same level of access, as you can only redirect and modify headers, not the body.
Firefox-compatible example:
browser.webRequest.onBeforeRequest.addListener(
(details) => {
const request = browser.webRequest.filterResponseData(details.requestId);
request.onstart = async () => {
request.write(racetrack);
request.disconnect();
};
},
{
urls: ['https://www.example.com/image.png'],
},
['requestBody', 'blocking']
);
The Firefox solution is the only one that worked for me, albeit being exlusive to Firefox. I attempted to write a POC userscript with xhook to modify the content of a DOM image element, but it didn't seem to return the modified image as expected. Previously, I tried using a redirect to a data URI and an external image, but while the redirect worked fine, the website threw an error that it couldn't load the required resources.
I'm guessing I'm going to have to write a content script that injects a Service Worker (unexplored territory for me) into the page and create a page rule that redirects, say /extension-injected-sw.js to either a web-available script, but I'm not too sure about how to pull that off, or if I'd still be able to have the service worker communicate with the extension, or if that would even work at all. Or is there a better way to do this that I'm overlooking?
Thank you for your time!

Why does my site cert become insecure after a JQuery AJAX call?

I've got a website that uses JQuery to grab information from an API located at: https://api.lootbox.eu/. The website I'm making has a cert that's been created and installed with Let's Encrypts tools. (I followed a tutorial on DigitalOcean to set it up)
Now, when I click a button to make the API call and update the website contents, Google Chrome then deems the cert "Not Secure" (shown in the address bar).
Here's my code.
//when the page has fully loaded
$(document).ready(function(){
function parseResponse(data)
{
//parsing JSON...
//lets avoid the "data.data"
response = data.data;
//set the user's general profile details
$("#user_avatar").attr("src", response.avatar);
$("#comp_rank_img").attr("src", response.competitive.rank_img);
$("#comp_rank").html(response.competitive.rank);
$("#qp_level").html(response.level);
$("#qp_playtime").html(response.playtime.quick);
$("#comp_playtime").html(response.playtime.competitive);
$("#qp_wins").html(response.games.quick.wins);
$("#comp_total_games").html(response.games.competitive.played);
$("#comp_wins").html(response.games.competitive.wins);
$("#comp_losses").html(response.games.competitive.lost);
}
//goes to the Overwatch API and grabs the JSON data for processing.
function processAjax()
{
$.ajax({
url: "https://api.lootbox.eu/pc/us/JuicyBidet-1292/profile"
}).then( function(response){
parseResponse(response);
});
}
//set up the button event listener
$("#submit").click(function(e){
//prevent the button from reloading the page
e.preventDefault();
//run the ajax grabber/processor
processAjax();
});
});
(I need to learn how to format code properly in SO questions...).
I don't get any other errors in my Chrome console (other than "favicon" 404ing - which is unrelated).
I've also tried the website in Microsoft Edge and I get the following in their Console:
SCRIPT7002: XMLHttpRequest: Network Error 0x800c0019, Security certificate required to access this resource is invalid.
I'm thinking either the problem is with my code, or now that I've checked, the API website's cert is invalid in both Chrome and Edge.
Any help would be appreciated. Thanks.
(I'm aware the code is scrappy, I'm learning)
I get this warning "This server could not prove that it is api.lootbox.eu; its security certificate expired 6 days ago"
This could happen because of one among following reasons.
1.Certificate is not issued by the third party site.
2.The third party site certificate is not updated.
3.The third party and browser connection is not secure.
The insecure error is because if a site is loaded over https the browser expects all subsequent calls made by the page will be secure, but in your case you are calling a URL http://api.lootbox.eu/pc/us/JuicyBidet-1292/profile which uses http:// and is insecure thus making your website insecure.
Solution
Use https url's everywhere in your pages.

Mobile iOS Safari Test URL Scheme JS

Aim:
What I wish to do is test if a URL scheme (Cydia://) exists on the device, and then report back to a variable. I do not want to actually open the URL.
I've done a load of googling, all the answers I can find actually open the URL scheme.
Update:
I've been testing a few methods:
Ajax Call - Fails with and without URL Scheme existing - Returns "error"
Load Fake Script from URL Scheme - Fails w/ & w/o URL Scheme existing - Returns "error"
I have contacted the author of the app that uses the URL Scheme to see if he has any resources on the scheme that I could load to test if it exists, but I've had no reply yet.
Thanks.

How to open a page with information about the browser?

Is it possible via window.open to open a page with information about the version of the browser? My browser is Google Chrome.
window.open("chrome://version/");
This code opens a new tab "about:blank".
You cannot use any of the usual APIs from the Web platform to open chrome:// pages.
These pages can be opened using chrome.tabs.create though:
chrome.tabs.create({
url: 'chrome://version'
});
You're not allowed to do this (security reason, probably):
Try typing that in the console:
window.location.href = "chrome://version/"
output: Not allowed to load local resource: chrome://version/

Problem While Doing html5 webapp cache

I have a webapp which has the domain http://draft.mo2do.com
when i am accessing the url it will resolve like the below url and redirect to the corresponding site home page
http://draft.mo2do.com/s/_91665/Home
Here i implemented offline cache. My cache.manifest file is the below
CACHE MANIFEST
# Offline cache v4.0
# All other resources (e.g. sites) require the user to be online.
NETWORK:
*
# Additional resources to cache CACHE:
# Add the pages in to the cache
/s/_91665/Home /s/_91665/CachedDraftBoard
http://draft.mo2do.com
# Add the images in to the cache
/s/store/-1/webapp/styles/webapp.css
/s/store/-1/webapp/styles/nba_draft.css
/s/store/-1/webapp/styles/add2drafthome.css?v2
# Add the js files in to the cache
/s/store/-1/webapp/scripts/jquery-1.5.min.js
/s/store/-1/webapp/scripts/iscroll.js
/s/store/-1/webapp/scripts/webapp.js
/s/store/-1/webapp/scripts/nba_draft.js
/s/store/-1/webapp/scripts/cacheUpdate.js
/s/store/-1/webapp/scripts/add2drafthome.js?v0.9.4
/webapp/icon.png /webapp/startup.png
/s/store/-1/webapp/nba/addtodrafthome/arrow.png
/s/store/-1/webapp/nba/addtodrafthome/close-bubble.png
/s/store/-1/webapp/nba/addtodrafthome/icon.png
/s/store/-1/webapp/nba/addtodrafthome/plus.png
/s/store/-1/webapp/nba/addtodrafthome/share.png
FALLBACK:
http://draft.mo2do.com
If i am directly accessing the site url the caching is working and that time i didnt mention the "http://draft.mo2do.com" in the cache section.During this time offline cache is working fine.
If i directly access only the domain url "http://draft.mo2do.com" in the browser it is not opening 404 in the offline mode.
Then i added the "http://draft.mo2do.com" in the cache section that time i am getting exception
Application Cache Progress event (2 of 3) http://draft.mo2do.com/ Application Cache Error event: Resource fetch failed (-1) http://draft.mo2do.com/
If i access the domain also it should load the app in the offline mode. If i access direct url app is loading fine.
How can I solve this issue?
The cache has to directly reference specific resources, be they Javascript, CSS, HTML pages, images, whatever. From what I can tell from the content above, you've done that. Simply placing a domain in there however won't work (you also need to reference all of the pages you want off-line, e.g. /s/_91665/Home needs to be in there).
So, there's an error somewhere along the line, but it's hard to figure out what you mean by this:
If i directly access only the domain url "http://draft.mo2do.com" in the browser it is not opening 404 in the offline mode.
Can you be more clear? Do you mean that going to that URL results in a 404, or is there something in the page itself that's in error?
Are you sure that your cache file is functioning as intended? If there are any errors at all in your cache file, your off-line application simply won't work. This page offers some debugging code which may help:
Debugging HTML 5 Offline Application Cache

Categories