Code Monkey home page Code Monkey logo

Comments (5)

gera2ld avatar gera2ld commented on August 17, 2024 3

Monkeypatching the window object may appear to work but does not actually do anything useful.

Exactly.

We have two worlds when injecting the script: page (the same as normal page scripts, restricted by CSP) and content (the same as the extension's scripts, not affected by CSP). Each world has its own window.

When blocked by the CSP, we cannot inject into page, so we use content as a fallback. As a result, any modification to window will not work since it's now window from content but we expect to modify the window from page.

Both worlds have access to the DOM (elements, CSS) but the JavaScript is isolated. So you can still add elements to the page. But you cannot monkeypatch or access the JavaScript objects from the window from page.

Is it possible for the library (or calling script) to detect this and log it?

It is not a good idea for this library to do this because it doesn't have to be used in a userscript.
However, you can do it easily in your script:

// Note: `injectInfo` is only available in Violentmonkey, it might be `undefined` in other script managers
if (GM_info.injectInto === 'content') {
  console.log('Injecting into `content` world. Monkeypatching will not work.');
}

from vm-url.

gera2ld avatar gera2ld commented on August 17, 2024 2

Violentmonkey is blocked by GitHub CSP in Firefox. It has nothing to do with this library itself.
Tampermonkey bypasses the issue by modifying the CSP which we'd rather not.
See violentmonkey/violentmonkey#1001

from vm-url.

nexushoratio avatar nexushoratio commented on August 17, 2024

Is it possible for the library (or calling script) to detect this and log it?

And what does it mean to be blocked in this case? I have used VM to do other things on GitHub like adding elements to the page. And I have made an extensive userscript for LinkedIn where I do all sorts of things, but only VM.url hasn't worked for me there.

I'm still new to this whole HTML/JS/CSS world and have not run into CSP issues before.

from vm-url.

nexushoratio avatar nexushoratio commented on August 17, 2024

Still researching, but I guess it boils down to this:

Monkeypatching the window object may appear to work but does not actually do anything useful.

from vm-url.

nexushoratio avatar nexushoratio commented on August 17, 2024

TYVM!

from vm-url.

Related Issues (2)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.