I know that getRequestURL will fetch me the URL of the page being opened.
I need to know how to get the URLs of all the tabs opened in the browser say firefox.
Is there anyway to achieve this?
This is not possible to do from a regular web page as it would be a serious security issue.
However, it is possible with browser extensions (for example, in Chrome there is a chrome.tabs.getAllInWindow() function available to plugins, and accessing their urls is simply a matter of looping through the tabs returned by that function and reading the .url property. See further documentation here).
From your own web page you should not be able to achieve this, as that would be a breach of the sandboxing these browsers attempt to enforce between tabs. If you launched the other windows via javascript, you may be able to control their content, but only under this circumstance.
You could feasibly write a plugin to run in the browser, but obviously the client would have to install/trust this for it to work.
Related
I'm trying to develop a Chrome extension that is supposed to completely replace a specific website's pages with a new UI. In other words, when the user visits said website, the extension should "intercept" it seamlessly and display the new "app" (preserving the URL and without opening a new tab or window). I currently use a content script to manipulate the DOM, but it's too messy.
Chrome apps such as Google Docs achieve the same goal through URL handlers, but they're not an option since they're now deprecated.
Currently, I'm aware of two options:
Intercept the URL and redirect it to an extension URL. I want the URL to be preserved.
Use a content script to stop the page from loading at document_start (using window.stop()) and then "inject" the new app. Apparently, that works, but it sounds quite hacky and prone to unexpected glitches.
What I'd like to know:
Is the second approach good enough? What limitations and other issues will I face if I use it?
Is there any other approach that is at least as good (and preferably designed for this purpose)?
You can't open a chrome app in a tab, only in a window. I don't think they have content scripts either.
Also, chrome apps are now only available on chrome os when you publish it for the first time (existing chrome apps work for any os).
To solve your question, you could use an extension with content scripts and just open up an iframe fullscreen so the url is preserved in the omnibox and it could have the page you want in the iframe as the page that would be in the app.
Content handlers are meant for opening a special protocol url to do something like send an email, etc. Examples would be like tel://, sms://, mailto:, etc.
So you would not want this. Also they aren't that noticable when approving to handle the protocol.
When I'm viewing the downloaded resources for a page in the Chrome web inspector, I also see the HTML/JS/CSS requested by certain extensions.
In the example above, indicator.html, indicator.js and indicator.css are actually part of the Readability Chrome extension, not part of my app.
This isn't too big a deal in this particular situation, but on a more complex page and with several extensions installed, it can get quite crowded in there!
I was wondering if there was a way to filter out any extension-related resources from this list (i.e. any requests using the chrome-extension:// protocol).
Does anyone know how I could achieve this?
Not quite the solution I was after (I'd have preferred a global setting), but there is now a way to filter out requests from extensions, as mentioned by a commenter on the issue I originally opened.
In the network tab filter box, enter the string -scheme:chrome-extension (as shown below):
This is case-sensitive, so make sure it's lowercase. Doing this will hide all resources which were requested by extensions.
Just enter "-f" in Network field
Was having the same question when my extension adds a lot of noise in the network tab.
Some extensions also fire a lot of data like data:text/image etc, you can append more filter with - like:
-scheme:chrome-extension -scheme:data
Another way to get the http/https requests is to just use scheme:https without - because the resources that extensions request are usually from their local bundle:
scheme:https
An Incognito Window, can be configured to include or exclude extensions from the extensions page of Chrome settings.
One alternative is to go to "Network Request blocking" tab and add "chrome-extension:" to the list, thus extension requests will be blocked and coloured red so it's easy to visually filter them out.
you can simply enable this option and requests from extension will be group.
Update: It can only group requests that create by the extension that draw iframe, such as cVim
Some websites have JavaScripts which are used for browser fingerprinting. I know these type of scripts check and send data back to server like: browser user agent, screen resolution, fonts list and etc. So my question would be: is it possible to inspect these scripts from client side? If yes, how?
you can list all the scripts used by newer browsers thanks to performance.getEntries():
var scripts=[].slice.call(performance.getEntries())
.map(function(a){return a.initiatorType==="script" && a.name; })
.filter(Boolean);
alert(scripts); /* on this page in console: ["http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "http://cdn.sstatic.net/Js/stub.en.js?v=aa4bf2e33f9d", "http://cdn.sstatic.net/Js/full.en.js?v=207a95000ab6", "http://cdn.sstatic.net/Js/snippet-javascript.en.js?v=3a04bf1d3cc0", "http://cdn.sstatic.net/Js/post-validation.en.js?v=59400b6b717e", "http://cdn-prom.sstatic.net/WinterBash/js/core.js?2", "http://cdn.sstatic.net/Js/external-editor.en.js?v=49dac339584c", "http://winterbash2014.stackexchange.com/api/is-participating?callback=wbParticipating2682405&accountId=2682405&host=stackoverflow.com&_=1418692483862", "http://cdn.sstatic.net/Js/wmd.en.js?v=988f5766f506"] */
if you know of any bad-behaving filenames, you can detect and counteract them, or feed the list of urls to something that can fetch and scan the script contents themselves; not sure what your end-goal is here...
Yes, it is possible to inspect any script on any website with the right debugging tools and time to sort through things.
For any given web site, you can run a debugger like the Chrome debugger, open the network tab and see all network requests that the browser makes. You would then have to sort through those requests to see which ones contained the information you are looking for. If you then wanted to find the scripts responsible for those requests, you'd have to work backwards in analyzing the site and scripts to figure out which script contains the code making the request.
I am not aware of any automated way to detect exactly which requests contain the information you want. Tools like Disconnect.me automatically shield your browser from some common tracking techniques of some common services, but that tool can also cause problems on some sites where the site won't then work properly.
Is it possible to get around the security and mimick either a full-browser or mobile browser within a webpage?
I had an idea to set the HTML manually, using an AJAX/XMLHttpRequest ("Get" request)
document.querySelector('#myiframe').contentWindow.document.write("<html><body>Hello
world</body></html>");
(from How to set HTML content into an iframe)
Can anyone verify this is possible? I'm guessing you would lose relevant site date (cookies, cache, etc)
Is it possible to get around the security
Yes, many browsers let you start them in a security-off mode, e.g. on chrome you run the program with the --disable-web-security flag. However, you should never ask a client to do this.
An alternative way would be to write a Java applet, or some other third-party plugin, which fetches the resources you want and then passes it over to the browser with your favourite method, from which you can use JavaScript on the data as desired. This method would lose things like cookies, and might be exploitable so I wouldn't recommend it.
mimick either a full-browser or mobile browser within a webpage?
Finally, if you don't mind the "URL bar" displaying the wrong thing when a user navigates, you could just use the default behaviour. This method is totally acceptable and doesn't circumvent any security.
How does the browser treat multiple tab? Are they completely separate entity where no interaction is possible? I understand the sandbox concept of the browser and other security concerns but is it possible for a webpage to interact with another tab in the browser?
Basically my question is: If a user loads one webpage in a new tab, is there some way to access information of other tab which is already opened or will be opened after?
I have one concept of an application which needs to know about the other tab already opened or opened after my conceptual webpage but I don't know if this is possible.
As far as I know, this isn't possible. The browser wouldn't allow you to manipulate the browser's lower functions in a regular environment. It would ignore it or show a security error come up.
I think there is no way to do that, except when both documents are written to communicate with each other (Like in vBulletin new windows). The only way to access tabs is writing Add-Ons for the browser.
There is no way to access other tabs on the client-side.
However, I can imagine a scenario in which this could be done server side. Have the user log in to your site on both tabs and use something like sockets to pass data back and forth from one tab to the other using the server as a middle-man.
If both pages are from the same domain, you can use cookies or, in HTML5, local storage.
If you own the other tabs, you can broadcast to other tabs, and other tabs can broadcast back to your tab, creating a practical communication channel among them.
This is called Inter-window messaging, and it uses LocalStorage.
To simply check if you are the active tab, use $(window).blur( ... ), or a similar technique using a library of your choice.