What context does the Javascript for XUL execute in? - javascript

Is it possible for the javascript you write for a XUL component to interact with the javascript defined in a webpage?
Eg, if a particular webpage has a dooSomethingNeat() function, can I have a button defined in a XUL overlay execute that function, or does it live in another namespace?
Put another way: if I'm looking to enhance the functionality of a website via my own code, does it make more sense to write a Firefox extension or use something like greasemonkey?

See my answer to another question here.
The webpage code does live in a 'namespace' separate from the scopes the browser code executes in.
It doesn't mean you can't access it from an extension, though.
On the other hand, running a function in a content page is not very easy to do securely at this moment.
Greasemonkey scripts (and ubiquity scripts, which can also interact with web pages) are somewhat easier to develop than extensions, and Greasemonkey already implements the required security precautions to allow you interact with web pages safely.
If you want others to use your script, packaging it as a standalone extension lowers the barrier to entry (on the other case, existing GM users may prefer simpler GM scripts to a separate extension).
So if you can implement what you need to do with a GM script or an ubiquity script, I'd say go with it. At least you can start with it, then convert to an extension when you find something you can't do with GM.
If you need features not supported by Greasemonkey or if you just want to try creating an extension, it is also a viable option.

There is a Greasemonkey-to-firefox-extension "compiler" available, but it isn't up-to-date with the latest GM changes.
However, it does have the basic GM framework for page interaction and security all wrapped up as a standalone extension, ready for you to modify and extend.
Wether to use standalone extension or GM-script depends upon who will be installing this. Will the user-base be willing to install GreaseMonkey, THEN the script? Or is the extension alone enough of an installation barrier?
The GM license does allow for repackaging it with pre-set scripts, I believe, but I can't find back citations for this, at the moment.

Related

Userscript - Replace another Javascript before it executes?

I want to create my own Userscript for Tampermonkey for a specific site I often use and I want to add some features and I want to improve some things.
Since it loads some .js files, that do some stuff I don't want to happen, I want to replace these .js files and reimplement the things I need within my Userscript.
I don't want to replace functions, I want to completely remove specific .js files from the DOM before they get executed and reimplement them in my Userscript to my preferences.
I tried to use this method: http://userscripts-mirror.org/scripts/show/125936
But it didn't work at all, no errormessages or similar, it just doesn't execute the Eventlistener, I use Chrome, could it be that this has to be implemented in another way for Chrome?
beforescriptexecute event referenced in your question isn't implemented in Chrome and probably never will be.
There is no way for a userscript in Chrome to prevent some webpage script that is referenced in the page html <script> tag from loading.
The only solution is to use an extension that blocks urls via webRequest API.
If you don't mind making your userscript dependent on another extension then use HTTP Request Blocker, Requestly and others.
For a complete solution without dependencies you'll have to make your own extension, not a userscript.

How to use a contentScriptFile from an external URI in a Firefox addon

My latest update to a Firefox addon has been rejected because I've used a custom jquery-ui (generated by their site with just the widgets I wanted) and it fails their checksum check.
Your add-on includes a JavaScript library file that doesn't match our
checksums for known release versions. We require all add-ons to use
unmodified release versions, obtained directly from the developer's
website.
We accept JQuery/JQuery-UI libraries downloaded from
'ajax.googleapis.com', 'jquery.com' or 'jqueryui.com'; and used
without any modification. (file-name change does not matter) I'm
sorry, but we cannot accept modified, re-configured or customized
libraries.
Fair enough, I could just download the full one and resubmit, but I was wondering if it is possible to link to one instead?
If I try this:
contentScriptFile: [self.data.url("https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"), self.data.url("https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.3/jquery-ui.min.js"), self.data.url("api.js")],
I get an error at runtime telling me that content scripts much be local. Both google and the API seem to be proving illusive to me for an answer.
Does anyone know if this is possible and how?
Cheers
Rich
self.data.url("https://...")
It seems like you haven't read the documentation on data.url()
It clearly states that
The data.url() method returns a resource:// url that points at an embedded data file.
Which means you cannot link to an external resource.
Does anyone know if this is possible and how?
No, contentScriptFile runs with (slightly) elevated privileges compared to regular web content, that's why you are not allowed to load scripts from sources that might change and could theoretically inject malicious code in the future.
If you want to rely on external libraries and keep them up to date you could simply write a little build script that always downloads the newest version when building a new XPI.
In principle you could just load the script via privileged XHR and then pass it as string, but that's probably not gonna pass AMO review.
And piece of personal opinion: Since you're targeting a specific browser you don't really need jquery for its cross-browser logic, modern web APIs provide lots of convenience methods that you can get pretty far just with vanilla ES6-javascript and state-of-the-art DOM APIs. Iterators and arrow functions also make bulk operations fairly concise.

Call a standalone script by a SCRIPT in a Google Docs (Document)

Call a standalone script by a SCRIPT in a Google Docs (Document)
The aim would be to create a few sort of "Add-on Custom" which is only my documents created with Google Docs Prototype containing a script with a few command line calling a standalone script .
Hi,
Right now, only container-bounded scripts can use "advanced" interactions (create menus, prompts, etc) on a container Spreadsheet, Docs or Forms.
I'd like this ability on a standalone script!
The primary use-case for this is to allow developing and maintain a single script that is used in multiple documents. Because right now, if we have a script that does some nice things on a Spreadsheet (or any other container) we face two major problems.
First, it's very difficult to distribute your script. It often involves multiple steps a end-user have difficulty to do, or have them create the document from a template you setup previously.
And the second problem is maintaining/updating a distributed script, because we have one independent copy on each file. And even if you have access to all files, updating is a nightmare. Even if you use libraries and just need to get in to each one to update the library number (since the library development mode only works if all the users have edit permissions on your library, which is crazy).
If we could have a single standalone script that we, the developers, could control the update/deployment version for all our users/documents, just like we do for web-apps, it would be great!
Lolo
Its called apps script libraries. Check the docs for more detail.
https://developers.google.com/apps-script/guide_libraries

Chrome, firefox, or opera preload changes

Is there any way to "edit" a "server side" javascript file in one of the mentioned browsers that will save the js edits on the client side and replace the server side scripts?
Basically I want to edit the javascripts on the server. Obviously I can't save them on the server so they need to be saved on the client side(my computer) and the browser needs to load my scripts instead.
It shouldn't be hard to do at all but I've not been able to find any way to accomplish this.
Edit:
I want to modify the javascript's from a site I do not own or have write access too. e.g.,
Html page uses some javascript page on server. I want to modify this javascript file(the actual file).
I can download and save the javascript file BUT the html page will always use the one on the server because that is what is in the script tag. I need to modify the script tag of the html page to point to the local javascript file BEFORE the html page's scripts are executed(else the javascript from the server will be used).
here, for example, is a script tag from SE:
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
It uses a non-local javascript file. I need to replace this line with my own line before any javascript is executed. It would like like:
<script type="text/javascript" src="file://C:/temp/myjquery.min.js"></script>
or whatever. (this way, I can modify the jquery file and have it execute my own version of the one on the server)
I, could, ofcourse, download the html file and modify it BUT then php code may not work among other things. (for example, relative links will be broke)
this is usually very easy in Opera: Just view source, edit what you want and use the special "Tools > Advanced > Reload from cache" command instead of a normal reload. Voila, you'll be running the site with your modified scripts..
(There are some exceptions, related to specific no-caching techniques some sites use it won't work 100% for all files - but it certainly should work for anything served from googleapis.com)
I think what you're looking for is something like LiveReload
It allows you to edit css files and have the browser apply the changes without refreshing the browser.
The windows version is in alpha right now but the Mac version works quite well for CSS.
I don't know if it does Javascript but I think it might.
You could also try the Chrome DevTools. It's a chrome extension that does just what you want with javascript and css.
No problem, you want to use bookmark-lets for this. Indeed it is easy, just remember to use an anonymous autoexecuting function: javascript:(function(){ //commands })();
In the sane good old day's one could even place this javascript directly into your addresses, but nowaday's some browser-builders (like firefox we coders USED to trust in the old day's) are being a 'good boy' and listen to facebook's 'demands' to kill normal standard functionality in favor of their lack on comprehending closures... But alas..
Ofcourse you could also create a bookmark to fix firefox's insanity, again reclaiming power to the user :)
Every time you visit the site, you click your bookmarklet. Done.
One can even make it 'memory resistant' for as long als you are on the same page (if you really want to). Naturally power is with the user/visitor AS IT SHOULD BE, not with the webmaster (who already publicly shared whatever info).
You might also look into greasemonky on firefox and comparable solutions.
Good luck
Build a string on the server side to write all your javascript code on the server side.

Is it safe to use jQuery and jQuery-UI with Google Chrome extensions?

I'm going to write a simple chrome extension using jQuery and jQuery UI. Before I start, however, I want to know: what might happen if a web page that my extension is going to interact with also uses this libraries? Can there be any conflicts (e.g. CSS for my jQuery-UI theme messing up the page's jQuery-UI theme)?
Javascript is sandboxed so there will be no conflicts, but CSS isn't, so any styles on parent site will affect your styling and vice versa (aka a nightmare).
Yes there can be conflicts, however you can prevent them. When you are setting up a theme, you need to download it with a namespace(you can find that setting in the right column of the jquery ui custom download page), and then use that namespace in your extension. The only possible issue at that point is if the site that is being viewed uses the same namespace that you choose, so make sure you choose something that won't have that problem.
It depends what type of extension you are making. If you are making a replacement for an existing Chrome page, well, it will be a full replacement (http://code.google.com/chrome/extensions/override.html). If it is a popup through either page (http://code.google.com/chrome/extensions/pageAction.html) or browser (http://code.google.com/chrome/extensions/browserAction.html) action, then again, you will have no conflicts because all of your code is sandboxed to itself.
The only time I can think of that you will run into an issue is if you are using content scripts (http://code.google.com/chrome/extensions/content_scripts.html), or actually injecting your code into the page by other means. Then, yes there could be conflicts, as the browser now runs your code along side the web sites code. Depending on what you need to do, you could try injecting your code as an iframe, but that will also prevent it from interacting with said web page.
<iframe src="yourPageUrl" height="iframeHeight" width="iframeWidth" style="border:none;"></iframe>
So without knowing what your extension's purpose was, it would be hard to know exactly how to help.

Categories