• chrome extension无法获取window对象

    背景见上一篇博客修改网页内容的方法
    上一篇博客之后,我要修改的网页有一个新改版,然后有个数据存在了window中,我直接在js中使用window.xxx发现无法获取。所以有本文。

    https://juejin.cn/post/7145749643316428830
    https://onelinerhub.com/chrome-extension/window_object#:~:text=chrome-extension%20How%20to%20access%20or%20modify%20window%20object,%3D%20%27console.log%20%28window%29%3B%27%3B%20%28document.head%7C%7Cdocument.documentElement%29.appendChild%20%28script%29%3B%20ctrl%20%2B%20c

    搜了一下发现有两种方法,如上,大概就是:

    方法1

    var script = document.createElement('script');
script.textContent = 'console.log(window);';
(document.head||document.documentElement).appendChild(script);

    • 1
    • 2
    • 3

    出现报错:

    extensions_version_page.js:6 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Either the 'unsafe-inline' keyword, a hash ('sha256-XnQUOdrKm+cYqdkT/ljnkhjaYaitt2Xh3uRQxH/M9z0='), or a nonce ('nonce-...') is required to enable inline execution.

    • 1

    方法2

    {
  "name": "yeshen_extresion",
  "version": "1.0",
  "description": "yeshen test",
  "manifest_version": 3,
  "web_accessible_resource": [
    {
      "resources": [
        "assets/*",
        "js/contentScript.js"
      ]
    }
  ],
  "content_scripts": [
    {
      "matches": [
        "https://innovation.pm.netease.com/v6/issues/*",
        "https://web.pm.netease.com/v6/issues/*",
        "https://uu.pm.netease.com/v6/issues/*",
        "https://msdk.pm.netease.com/v6/issues/*"
      ],
      "js": [
        "extensions_issue_page.js"
      ],
      "run_at": "document_start"
    },
  ]
}

    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9
    • 10
    • 11
    • 12
    • 13
    • 14
    • 15
    • 16
    • 17
    • 18
    • 19
    • 20
    • 21
    • 22
    • 23
    • 24
    • 25
    • 26
    • 27
    • 28
    Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Either the 'unsafe-inline' keyword, a hash ('sha256-XnQUOdrKm+cYqdkT/ljnkhjaYaitt2Xh3uRQxH/M9z0='), or a nonce ('nonce-...') is required to enable inline execution.

    • 1

    报错比较清晰,就是注入的代码和原有代码不在一个域下,无法操作/注入javascript对象

    最后我是这样做的:

    我的方法一

    从其他页面获取这个数据,在url参数中携带这个信息;

    我的方法二

    dom节点中获取第一个元素信息,然后通过网络请求,重新请求需要的数据。

  • 相关阅读:
    MARKDOWN 文档图片编码嵌入方案
    将闲置的windows硬盘通过smb共享的方式提供给mac作为时间机器备份
    测试/开发程序员喜欢跳槽?跳了就能涨工资吗?
    tvdi遥感与envi,arcgis
    JVM(Java虚拟机)练习题目大全
    maven
    版本特性 | Cloudpods v3.9重点功能介绍
    pico学习进程记录已经开发项目
    orchestrator常见问题汇总
    xctf攻防世界 Web高手进阶区 ics-05
  • 原文地址:https://blog.csdn.net/yeshennet/article/details/132654966