UserScripts & Greasemonkey: calling a website’s JavaScript functions

by

Background

Doesn’t Greasemonkey inject my extensions JavaScript already? Can someone clarify this for me please.

Greasemonkey executes your scripts in a sandbox, which is a restricted environment without direct access to the JavaScript in the page. Earlier versions of Greasemonkey injected scripts directly into the page, but this introduced serious security vulnerabilities. In the old model, scripts ran with the elevated rights of the browser chrome, which allowed remote pages to access Greasemonkey’s built-in functions using some clever JavaScript. This was bad:

Greasemonkey scripts contained their own GM_xmlhttprequest object which, unlike a normal xmlttprequest object, could access any local files one one’s computer or make arbitrary requests to arbitrary sites without regard for the same origin policy that typically applies to xmlhttprequest. (source)

When you access the window object from a Greasemonkey script today, what you get is a wrapper object that indirectly references the actual window‘s properties. This wrapper object can be modified safely, but has important limitations. Access to the actual window object is provided by unsafeWindow (shorthand for window.wrappedJSObject). Use of unsafeWindow re-opens all of Greasemonkey’s original security problems and isn’t available in Chrome. It should be avoided wherever possible.

The good news: there are at least two ways to work with Greasemonkey’s new security model in a safe way.

Script Injection

Now that Greasemonkey scripts can safely access the DOM, it’s trivial to inject a <script> tag into the <head> of the target document. Create a function like this:

function exec(fn) {
    var script = document.createElement('script');
    script.setAttribute("type", "application/javascript");
    script.textContent="(" + fn + ')();';
    document.body.appendChild(script); // run the script
    document.body.removeChild(script); // clean up
}

It’s simple to use:

exec(function() {
    return Grooveshark.playNextSong();
});

Location Hack

Script injection may be overkill in some cases, especially when all you need is to modify the value of a variable in the page or execute a single function. The Location Hack leverages javascript: URLs to access code in the document’s content. It’s a lot like running a bookmarklet from within a Greasemonkey script. 

location.assign("javascript:Grooveshark.playNextSong();void(0)");

Bonus Script

Here’s a complete Greasemonkey script that demonstrates the examples above. You can run it on this page.

// ==UserScript==
// @name           Content Function Test
// @namespace      lwburk
// @include        http://stackoverflow.com/questions/5006460/userscripts-greasemonkey-calling-a-websites-javascript-functions
// ==/UserScript==

function exec(fn) {
    var script = document.createElement('script');
    script.setAttribute("type", "application/javascript");
    script.textContent="(" + fn + ')();';
    document.body.appendChild(script); // run the script
    document.body.removeChild(script); // clean up
}

window.addEventListener("load", function() {
    // script injection
    exec(function() {
        // alerts true if you're registered with Stack Overflow
        alert('registered? ' + isRegistered);
    });
    // location hack
    location.assign("javascript:alert('registered? ' + isRegistered);void(0)");
}, false);

More Related Contents:

  1. Injecting JS functions into the page from a Greasemonkey script on Chrome
  2. How to use GM_xmlhttpRequest in Injected Code?
  3. Removing an anonymous event listener
  4. Why is window (and unsafeWindow) not the same from a userscript as from a tag?
  5. Can a website know if I am running a userscript?
  6. Simulating a mousedown, click, mouseup sequence in Tampermonkey?
  7. How to change a class CSS with a Greasemonkey/Tampermonkey script?
  8. Save images to hard disk WITHOUT prompt?
  9. How can I load a shared web worker with a user-script?
  10. Is there any way of passing additional data via custom events?
  11. How to override the alert function with a userscript?
  12. Clicking a button on a page using a Greasemonkey/userscript in Chrome
  13. Chrome userscript error: “Unsafe JavaScript attempt to access frame”
  14. Use a content script to access the page context variables and functions
  15. “Cannot read property of undefined” when using chrome.tabs or other chrome API in content script
  16. Getting around X-Frame-Options DENY in a Chrome extension?
  17. How can I intercept XMLHttpRequests from a Greasemonkey script?
  18. Taking screenshot using javascript for chrome extensions
  19. Userscript to wait for page to load before executing code techniques?
  20. How can I detect visited and unvisited links on a page?
  21. Chrome Extension – Passing object from page to context script
  22. How can two instances of a userscript communicate between frames?
  23. How to simulate typing in input field using jQuery?
  24. Storing user login/password input in a Greasemonkey script on install
  25. Cross-Origin XMLHttpRequest in chrome extensions
  26. How do I click on this button with Greasemonkey?
  27. Obtaining “this” tab ID from content script in Chrome extension?
  28. Passing object from injected page script to content script
  29. executeScript is undefined or not a function in a ManifestV3 extension
  30. Published extension doesn’t work with chrome API listeners inside onInstalled

Leave a Comment