Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Accessing document's javascript variable from firefox extension

Tags:

javascript

firefox-addon

is it possible for Firefox extension (toolbar) to access document's variables? detailed explanation follows..

loaded document:

<script type="text/javascript">
var variableForExtension = 'something';
</script>

extension:

var win = window.top.getBrowser().selectedBrowser.contentWindow;
alert(win.variableForExtension); // undefined

it was first thing to try, and it's inaccessible this way because of security mechanisms (XPCNativeWrapper). i've read about accessing it trough wrappedJSObject and using events (adding listener to document and dispatching event from extension), but no luck. didn't try too hard, though. so, before i dig deeper ('events method' sounds like a way to go) i'd like to know is this even possible?

thanks

like image 339
parserr Avatar asked Jan 20 '10 17:01

parserr

2 Answers

not so hard :)

in extension:

var jso=window.content.document.defaultView.wrappedJSObject;

now you can access any function or global variable in the webpage from the extension:

alert(jso.pagevar);

jso.pagefunction("hey");
like image 35
squeegee Avatar answered Oct 23 '22 06:10

squeegee

Yes, accessing a JS variable in content is and always was possible. Doing this the naive way wasn't safe (in the sense that a malicious web page could get chrome privileges) in older Firefox versions.

1) If you control the web page and want to pass information to the extension, you should indeed use the events technique. This worked and was/is safe in all Firefox versions.

2) If you want to read a value from the content document, you can just bypass the XPCNativeWrapper:

var win = window.top.getBrowser().selectedBrowser.contentWindow;
// By the way, this could just be
//   var win = content;
// or 
//   var win = gBrowser.contentWindow;
alert(win.variableForExtension); // undefined
win.wrappedJSObject.variableForExtension // voila!

This was unsafe prior to Firefox 3. In Firefox 3 and later it is OK to use, you get another kind of wrapper (XPCSafeJSObjectWrapper), which looks the same as the object from the content page to your code, but ensures the content page won't be able to do anything malicious.

3) If you need to call a function in a content web page or run your own code in the page's context, it's more complicated. It was asked and answered elsewhere many times, but unfortunately never documented fully. Since this is unrelated to your question, I won't go into the details.

like image 152
Nickolay Avatar answered Oct 23 '22 07:10

Nickolay
Sign in to Comment

Related questions

How to preload script using integrity and crossorigin
Angular RxJS: conditional operator (if else)
How to get full current date and time in Vue.js without writing massive JavaScript lines
How to copy the month value from one Date object to another? [duplicate]
Material Autocomplete does not work with InputProps
WebRTC getting Failed to execute 'addIceCandidate' on RTCPeerConnection error on console but can still display remote and local videos
TypeORM insert with relationId
I want to get combine data of two arrays using for loop in javascript [duplicate]
Looking for help to make npm/pdfjs-dist work with Webpack and Django
In Bootstrap v5.0.0-alpha1 what can I use for media (BS 3/4)?
JavaScript - How to Map a list of names to a specified key using reduce
Javascript and CSS parsing performance
Why is my TinyMCE hidden textarea acting up?
Handling no results in jquery autocomplete
Curious: is it possible to have dynamic Ajax data variable names?
Javascript Regular Expression to match 5 or 9 digit zipcode
Wrapping a div around the document body contents
How to monitor the changes in the url (Fragment identifier - the anchor portion of a URL )
How to move OpenLayers Vector programmatically?
Alternative to cookies

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!