Difference between loadSubScript and loadFrameScript in Firefox extensions - javascript

I am aware that both of these APIs are used to inject JavaScript into the webpage. Is there any difference between loadSubScript and loadFrameScript in Firefox extension development? In which situation would you use them?

I assume that you are asking about mozIJSSubscriptLoader.loadSubScript() and nsIChromeFrameMessageManager.loadFrameScript(). These are two entirely different mechanisms with the only similarity being that both can load and execute code.
mozIJSSubscriptLoader isn't meant to load code into web pages - its primary goal is to load parts of your extension dynamically. This is a very old mechanism that even predates JavaScript code modules.
The goal of loadFrameScript(), however, is to load content scripts; it was originally introduced to support multi-process setups (e10s project). It will load scripts that will run with the privileges of the web page in the context of the web page. No direct interaction with the code that loaded it is possible, only messaging.

Most extensions don't have any reason to use loadFrameScript. Its target is remote debugging.


Injected script slows down Google Maps related pages

So I'm injecting some HTML into the page (extension written with angular.js) and on pages with Google Maps frames, like Airbnb, the loading slows down. So I don't have any idea how I affect that. Any ideas?
When you load JavaScript from a third party you should do it asynchronously. You might want to load your own scripts asynchronously too, but for this article let's focus on third parties.
There are two reasons for this:
1) If the third-party goes down or is slow, your page won't be held up trying to load that resource.
2) It can speed up page loads.
At Wufoo, we just switched over to an asynchronous embed snippet. Users who build forms with Wufoo and want to embed them on their site are now recommended to use it. We did it for exactly those reasons above. It's the responsible thing to do for a web service that asks people to link to resources on that service's site.
There is a little terminology involved here that will help us understand the umbrella "asynchronous" term.
"Parser blocking" - The browser reads your HTML and when it comes to a <script> it downloads that entire resource before moving on with the parsing. This definitely slows down page loads, especially if the script is in the head or above any other visual elements. This is true in older browsers as well as modern browsers if you don't use the async attribute (more on that later). From the MDN docs: "In older browsers that don't support the async attribute, parser-inserted scripts block the parser..."
To prevent problematic parser blocking, scripts can be "script inserted" (i.e. insert another script with JavaScript) which then forces them to execute asynchronously (except in Opera or pre 4.0 Firefox).
"Resource blocking" - While a script is being downloaded, it can prevent other resources from downloading at the same time as it. IE 6 and 7 do this, only allowing one script to be downloaded at a time and nothing else. IE 8 and Safari 4 allow multiple scripts to download in parallel, but block any other resources (reference).
Ideally we fight against both of these problems and speed up page loading (both actual and perceived).
https://css-tricks.com/thinking-async/
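The "script inserted" technique described above, as an added example that is not part of the original answer or the quoted article. The function name `loadScriptAsync`, the `doc` parameter and the timeout value are assumptions made for illustration; the timeout only stops the caller from waiting on a third party that is slow or down.

```javascript
// Added example: insert a <script> element from JavaScript so the download
// does not block the HTML parser. `doc` is the page's document object.
function loadScriptAsync(doc, src, timeoutMs = 5000) {
  return new Promise((resolve, reject) => {
    const script = doc.createElement('script');
    let timer = null;
    let settled = false;
    // Settle the promise exactly once, whichever event arrives first.
    const finish = (fn, arg) => {
      if (settled) return;
      settled = true;
      clearTimeout(timer);
      fn(arg);
    };
    // A dead or slow third party ends in a rejection the caller can handle;
    // the rest of the page keeps loading either way.
    timer = setTimeout(
      () => finish(reject, new Error('timed out loading ' + src)), timeoutMs);
    script.async = true; // explicit, for browsers that honour the attribute
    script.onload = () => finish(resolve, script);
    script.onerror = () => finish(reject, new Error('failed to load ' + src));
    script.src = src;
    // Insert before the first existing script; fall back to <head> if none.
    const first = doc.getElementsByTagName('script')[0];
    if (first) first.parentNode.insertBefore(script, first);
    else doc.head.appendChild(script);
  });
}
```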

Chrome silently embedded in desktop application, and that can save files locally via Javascript

Is it possible to have a Python application with a GUI (such as Tkinter or wxPython) with:
a Chrome browser as a widget using the main part of the GUI, displaying a certain .html page
be able to save files locally thanks to JavaScript that is run in the embedded Chrome (that is normally impossible with any browser for security reasons)
If it's not possible in Python, I'm open to use another language (C++, etc.).
You mention that you're open to trying platforms other than Python. Have you seen Electron? It's a framework and runtime for building desktop applications in JavaScript with full access to the file system made by GitHub. It's based on Chromium, the same open source project that Chrome is based on.
http://electron.atom.io
http://electron.atom.io/docs/api/file-object/
Yes, it should be doable. In current versions of wxPython there is the wx.html2 module, which provides classes for embedding a fully featured browser in a wx window. It's not Chrome itself, but probably close enough. See https://wxpython.org/Phoenix/docs/html/wx.html2.WebView.html
For your task you can probably have the JavaScript trigger an action which is caught by event handlers in the application GUI code, which will then save the files or do whatever you need.

Is it possible to execute a JavaScript file in a chrome packaged app?

I am trying to make a Box2D TestBed structure in a Chrome app using kripken's Box2D.js. I have successfully gotten the testbed built and working; you can download it from here. One of the features I would like to add to the testbed is the ability to load JavaScript files at runtime. Since Chrome apps can't use eval, is there any way of loading a JavaScript file at runtime? I've tried using $.getScript with a file:/// URL and the appropriate permissions but that doesn't work. Here are some example files that I would like to load at runtime. This is very frustrating since the program can be run on the web but not in a Chrome app!
UPDATE:
I've tried using a chrome sandbox to do the evaling but I cannot pass functions through window.postMessage. I'm beginning to lean towards hosting it on a server.
Thanks!
You should be able to load external scripts. There's a catch though; you'll have to do it in a sandboxed page that doesn't have any access to the chrome.* APIs. But you can communicate with this page through window.postMessage.
See http://developer.chrome.com/apps/app_external.html
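The app-page side of the postMessage exchange described above, as an added example that is not part of the original answer. The `run`/`result` message shape and every name in it are hypothetical; the block shows the checks the privileged page makes before trusting a reply from the sandboxed frame.

```javascript
// Added example: app-page side of the sandbox exchange (names are hypothetical).
// sandboxWindow is the contentWindow of the iframe showing the sandboxed page.
function createSandboxClient(sandboxWindow) {
  let nextId = 1;
  const pending = new Map(); // request id -> { resolve, reject }

  // Functions cannot cross postMessage (structured clone), so the script is
  // sent as source text and the sandbox answers with plain data.
  function run(code) {
    if (typeof code !== 'string') {
      return Promise.reject(new TypeError('code must be a string'));
    }
    const id = nextId++;
    return new Promise((resolve, reject) => {
      pending.set(id, { resolve, reject });
      // Assumption: the sandboxed page has an opaque origin, so '*' is used
      // as target; replies are authenticated by event.source below.
      sandboxWindow.postMessage({ type: 'run', id, code }, '*');
    });
  }

  // Wire up with window.addEventListener('message', client.onMessage).
  // Returns true if the message was accepted, false if it was dropped.
  function onMessage(event) {
    if (event.source !== sandboxWindow) return false; // not our sandbox frame
    const msg = event.data;
    if (msg === null || typeof msg !== 'object') return false;
    if (msg.type !== 'result' || !pending.has(msg.id)) return false;
    const { resolve, reject } = pending.get(msg.id);
    pending.delete(msg.id); // a request id is answered at most once
    if (typeof msg.error === 'string') reject(new Error(msg.error));
    else resolve(msg.value);
    return true;
  }

  return { run, onMessage, pendingCount: () => pending.size };
}
```

Because the app page keeps its chrome.* access, it treats everything arriving from the sandbox as untrusted data: replies from any other window, with an unknown id, or repeated for an id already answered are dropped.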

lean&fast way to make an addon work for all major browsers? firefox,chrome,[opera,internet explorer,safari]

Yet there are tools to make one addon for all major browsers at once,
see: crossrider, kangoextensions and http://besttoolbars.net/products/addon_framework
With Greasemonkey and a converter to a full Firefox addon,
I already made an addon that does the following three simple things:
check http status of external links with wiki.greasespot.net/GM_xmlhttpRequest,
(which won't work out with JavaScript alone because of the cross-site-scripting policy.)
manipulate the current page/dom through some regex
inject an additional hosted JavaScript for automatic updates
But is there any "cross-browser addon maker" capable of the 3 things above
(especially http to external links like GM_xmlhttpRequest)
and open source, free or at least free of their branding in the addons made with it?
Or else, what is the easiest way from my Greasemonkey script to full addons for also
chrome,[opera,internet explorer,safari(or more)].
(I imagine this alone could be a few kb of code to match the requirements above and doesn't need to be a complex service like Crossrider?)
Thanks!=)
I think you can achieve your goals using the Crossrider platform, writing code once in JavaScript that works on all supported platforms. For your specific goals, you can use the appAPI.request API for your HTTP requests and jQuery/JS DOM to manipulate the page content.
Regarding branding, the Crossrider platform enables you to customize the extension using your own image, specify your own post-installation landing page (Thank You page), and either host a seamless installer widget on your site OR host a Windows installer file, and hence an end user does not see any Crossrider branding at all.
Finally, regarding monetization, we have a strict policy of only monetizing extensions with the mutual consent of the extension developer.
I hope this clarifies your concerns, but please feel free to ask any further questions either on this thread or by contacting our support (support#crossrider.com).
Disclaimer: I am a Crossrider employee

Sandboxing a browser that runs HTML & JS Only

I've recently read the chromium sandbox architecture overview and the multi process architecture high level design.
The developers claim they run the tabs and web apps in a privileged external process for 2 main reasons:
1) Prevent the browser from crashing in case a tab or a web app crashes.
2) Various security reasons.
The security reasons I read about were mostly about changing the user's system configuration via Win32 API.
Now let's assume I develop a web browser that uses Webkit and V8 JS Engine and does not allow browser extensions and flash to be executed from within the browser.
Furthermore let's assume that application crashes are not an issue.
1) What advantages do I gain by implementing the sandbox architecture?
2) Can pure JavaScript code access the memory\file system or invoke any unwanted Windows API function?
3) What are the other security concerns I'm not aware of?
People have been hacked through web browsers for years; this is a silly question. Of course JavaScript can be used to gain access to the shell. This is the basis of browser based exploitation. Not only JavaScript, but malformed HTML and CSS are also commonly used to corrupt memory and gain remote code execution. WebKit is new, and it has a lot of security problems. Keep WebKit up to date, or you will be hacked.
It should be noted that JavaScript runs within a sandbox that jails it from accessing important resources on your machine or other websites, we call this the same origin policy. Google introduced another sandbox for Chrome to try and prevent remote code execution as a method of defense in depth, security in layers.
