I have a web extension that lets any website access the clipboard. On request I will ask the user if it is okay to give access to the clipboard.
I do this in two ways
I create a notification
The problem: firefox doesn't allow buttons, so in the message I say "Click here to allow website x access". I added an eventlistener to the notification that sends a message back to the content script and it proceeds from there. It's okay but not really the best solution (I want buttons)
As a fallback I have a simple confirm box.
The problem: it doesn't really look good.
Now my other idea is to create a custom confirm box. That means create some html, css and javascript and append it to the DOM. This although is potentionally dangerous as websites can just trigger a "click" on the "allow access"-button then.
So I am basically looking for a nice and safe way to get confirmation from the user.
So what next? iframes? Is it possible to include an html page from the addon with access to a content script in an iframe?
Or is there some other way I can implement this maybe web extensions already offer something like this?
Completely overlooked the click event argument. There is a event.isTrusted property which is false when the event was triggered. (maybe not available in all browsers). But this pretty much solves the issue.
Related
I recently had an issue whereby a user was complaining that they couldn't access a certain page because the link wasn't where it was supposed to be.
After some head-scratching, I had them disable all browser extensions and sure enough the problem went away. Re-enable extensions one by one...
AdBlock.
For some reason, it was blocking the links to the pages the user wanted to access.
Now, I don't run ads and never plan to, so usually I just tell people with this problem to whitelist the site and all is well. But if someone never knew there was a problem to begin with, I would actually lose traffic because of this. So how can I avoid this?
The only thing I can really think of is to detect AdBlock and pop up a small notice explaining that AdBlock is known to corrupt the website and that, since we don't run ads, they may want to disable it for the site. I mean, the site is a game, and this isn't the first time a browser extension has broken it, but I don't think first-time visitors would be too happy to see a popup asking to disable their blocker, you know?
So any solution that would actually prevent AdBlock from corrupting the site in the first place would be great.
You cannot prevent Chrome extensions from running. They operate in their own separate thread, with a privileged API, and hidden from page scripts.
Detecting adblockers is awkward. The easiest way is to create a 'sacrificial element' - a div with a class like 'ad_unit', for example - add it to the DOM and then wait a frame to see if it has been hidden (with display: none, for example, or a getBoundingClientRect check).
Element checking is tricky, though, because strictly speaking there's no guarantee an adblocker will run synchronously or before your checking code.
Because adblockers run in a privileged mode, their operation does not trigger events in the nonprivileged script space. To put it more simply: you can't use DOMMutationEvents to spy when a foreign extension messes with your page.
The other option is to try and load a 'sacrificial file' - an image with a URI that looks like an advert, say - and then attach an onError handler to the element. If it throws an error that looks suspicious (I think it's ERR_BLOCKED_BY_CLIENT on Chrome), then you show your warning message.
Your final choice is to try and avoid incurring Adblock's wrath in the first place. Adblockers generally use open blacklists of URIs and CSS selectors, like EasyList (https://easylist.to/easylist/easylist.txt) - this is what AdblockPlus uses and a fair few others. You could just try and make sure your DOM elements never have IDs or classes that collide with any of those selectors. It's a big list, though, and it can change at any time.
So I decided recently to create a firefox extension I have been thinking about, but do not have any prior experience with it. I read on the official tutorials and figured that the addons sdk seemed to fit me well, but I seem to have hit a hitch using it.
What I want to do is create an options popup dialog, similar to the one you see if you press alt-tools-options. That is, a border with title and close button on the upper part, and a bigger area inside the window where I can define an "intuitive" (default elements with the skin the user is used to) GUI.
The tabs at the top (general, privacy security etc.) is nothing I really need, though would not hurt either.
So the issue is that from my searches, when you use addon sdk, you are not supposed to use XUL which has those elements, but instead you seem to be supposed to create something custom using HTML in a panel. I don't think its possible to create the top-bar akin to the real options-menu when using that, although if I am wrong I would not mind being corrected.
I had a similar issue before, where I wanted a drop-down menu from the toolbar similar to the default ones, which I solved thanks to: How to add a dropdown menu to a firefox addon sdk powered addon toolbar button?.
Might be worth noting that that the button opening the options dialog is one of the menuitems created as described there.
I was considering that it could probably be possible (aka I am not sure) to use something akin to this, but sadly I do not know how I would create a "separate" (drag-able) popup that I could use this on.
If possible, I would prefer there to exist a solution, but if someone knows that it is indeed impossible, please do post that so and I can give up without regrets and just make some sort of custom HTML panel instead :)
tldr:
Is there a way to create a popup dialog similar (in style) to the options window you can open using alt-tools-options in firefox when developing using addon sdk?
Essentially, you aren't supposed to, at least not with the SDK.
But then again, it is still possible, but you need to do a lot of stuff yourself:
You need to register a chrome: package for your add-on, as the resource: URIs the SDK uses internally do not work correctly for XUL windows. Create a Chrome Registration (chrome.manifest file). The SDK supports this since Firefox 24 IIRC.
Create the XUL file. For preferences/options windows, there is already the <prefwindow> binding. Look at other extensions and or the Firefox Options dialog (which is a huge thing with multiple overlays, so better look at other extensions). Place the XUL file in chrome/content/<somefile>.xul. This will then correspond to chrome://<registered_package_from_1>/content/<somefile>.xul.
Implement something that will actually display the window. Normally non-SDK add-ons would just put em:optionsURL into their install.rdf, to have the Add-On Manager automatically create a Preferences button that will open the specified URL, but in the SDK this is generated from package.json and there is no way to put optionsURL in package.json if I'm not mistaken. But you could do other things, like using a simple-prefs type: control button to have a button in your about:addons page, or add it to some browser menu (which would require yet another heap of XUL-modifying, require("chrome") code.). To actually open the dialog, you could use window/utils.openDialog.
Don't forget to close any open windows again when your add-on gets unloaded.
As you can see, not a simple task...
If you're just after preferences in general, consider using simple-prefs.
I use a lot of JavaScript on my site (currently under construction). My worry is if some of the client side's system has JavaScript disabled then my site will "miserably fail".
I know that we cannot programatically override to enable JavaScript as it would be a security issue. But what I want is if the client side system has JavaScript disabled then a popup should appear with a button so that when the user clicks the button automatically JS will be enabled no matter in what browser he is viewing the site.
I am asking this because I saw the same thing myself when I viewed some other site.
That is not possible. You can however display instructions on the page on how to enable JavaScript, but considering that people who disable JavaScript usually know what they are doing they'll know how to enable it themselves.
I'd say there are very few people who accidentally disable JavaScript, so your worries are probably unnecessary.
Well if you want a popup to appear then you need to make it happen using javascript, so I guess the answer is that you can just ignore the very small percentage of people who have javascript disabled for their browsers.
What you are probably looking for is Progressive enhancement.
Instead of showing a message through JavaScript that tells the user to enable JavaScript you do it the other way around.
By default you show a message, in a div for example, and when JavaScript is enabled you hide the div. You only use JavaScript to enhance the user experience but offer a 'reasonable' experience when the user doesn't have JavaScript enabled. Reasonable could mean in your case an empty page with some text that explains why you really need JavaScript.
I really want to make google mail by default bottom posting, in other words, I want the cursor in the textarea in a reply message to move automatically to the bottom.
Is this possible with google chrome extensions?
Have you maybe any other suggestions?
Problems I'm facing:
Run the extension script when gmail is fully loaded
The target textarea is in it's own iframe, is it possible to access it?
Yes, you may use the Content Scripts feature of a Chrome extension in order to manipulate the
page a user is browsing. Your content script code will run in the context of the web page the user is browsing, and it may interact with the host page almost without limit.
Manipulating Gmail might be a bit trickier than most other pages, due to its dynamic nature. Consider using the jQuery .live() method to make it easy bind to the elements you want to manipulate.
With regard to iframes, you just have to turn on the "all_frames" option in your manifest, which "controls whether the content script runs in all frames of the matching page, or only the top frame."
(I know this question is a bit stale, but I thought maybe you'd still appreciate an answer.)
I hope that helps.
Using JavaScript, is it possible to add a bookmark in Firefox directly, without opening any dialog box? That is, I want the user clic on a link and that the bookmark is automatically created, without the need to any further step.
Fortunately, no. It would be a horrible breach of security.
Could be a different story in the context of a Firefox Extension, but I assume you are asking for a normal web page.
If it was possible, any possible website would be able to create any kind bookmark, without the user even noticing.
As a user, I certainly hope this is not possible ^^
(And, as a developper, I don't think it is)