I'm building a Firefox extension that alters the page content of a few select websites and I'm using the Greasemonkey compiler to do this (http://diveintogreasemonkey.org/advanced/compiler.html).
The trouble I'm having though is with websites using secure http. Even if I list the https version of the site in my #includes, Greasemonkey still doesn't pick it up and change the scripted content.
Any ideas on how I can still have the same effect on https sites? Thanks.
Related
I am currently building a Google Chrome extension displaying a Twitch player within the extension window. To do so I need to have the domain / website on which the extension is hosted. In this case I guess it would be Google Chrome but I don't quite understand hwo to get the exact domain name.
Thanks in advance!
To do so I need to have the domain / website on which the extension is hosted.
They aren't hosted on any domain at all, they're loaded directly by Chrome from its local copy of the extension. The scheme used in the URL is chrome-extension://, not http:// or https://. For instance:
chrome-extension://longstringofcharactershere/filename.html
If you need to provide Twitch with a domain (for instance, to get passlisted in their CORS policy or some such), there's simply no domain to give them. (I haven't tried, but Chrome extensions are really locked down by default, I doubt you could even embed an iframe loaded from a domain you control. Extensions are a privacy and security nightmare, so Google locks them down pretty thoroughly.)
I have finished coding my extension for Chrome and FireFox (WebExtensions). I have used window.postMessage() for communication between website script and the extension and everything works.
But now I am reading that there are methods by chrome (https://developer.chrome.com/extensions/messaging) like chrome.runtime.sendMessage()to send messages. Will my extension be rejected if I use window.postMessage() so I have to recode everything?
Yes, this is a perfectly valid way of communication - between a page and a content script.
In fact, if you look at the Content Script documentation, it lists postMessage as a way of communication to the content script.
The method described at the Messaging documentation allows to cut out the content script as a middleman, and provides some degree authentication for messages (only the indended recipient will receive them), providing you configured "externally_connectable".
But "externally_connectable" is not supported in Firefox yet, and I can't quickly find a bug that tracks its implementation.
Can somebody provide an example of content script which executes only on example.com pages? Just like in Chrome extensions.
I can't figure out with this SDKs and weird things. In Chrome it's easy.
Please, no Firefox XUL interface.
I mean, it will be very good to see whole extension example, not just code.
My plugin almost works fine in Safari for Mac, but sometimes it is blocked by Safari(see at Safari - Preferences - Security - Manage website setttings).
so my first question is how can I let my plugin be a "Allow Always" plugin in Safari without user's operation?
And when plugin is blocked, Safari will display a placeholder instead of the Internet plugin content. look here
so the second question is when Safari block my plugin(maybe user choosed), how to know it by JS?
Your comments above made it more clear what you were trying to accomplish. It has already been established that if your plugin is blocked than no code inside your plugin will be executed (for security reasons) but it is possible to let your website know if the plugin was loaded (or not loaded) using injected scripts. Here is an example on the Apple developer page showing how an injected script can access a JavaScript function.
In this document you will find everything you need to know about access and restrictions for your plugins and extensions
And this document will help you understand messaging and proxying between different components of your plugin and the website.
I am working on an environment that relies on unedited scripts. All the basics are covered (secured location, https ...), but I'd like to add an additional check by verifying the scripts (calculating a checksum) in the users browser via a Firefox extension.
How would an extension be able to access the source of a loaded script? As I am fairly new to developing Firefox extensions, any hints are greatly appreciated.