Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Chrome extension: loading a hidden page (without iframe)

Is there a way to load a page, hidden from the user?

I can't use an iframe in a background page, because the page has frame-busting techniques.

I can't use an XHR, because the page has AJAX - I need its (dynamically generated) DOM.

like image 467
Chris Broadfoot Avatar asked Jun 25 '13 13:06

Chris Broadfoot


2 Answers

I'm afraid that you don't have any other option than inserting the iframe anyway. To bust the iframe buster, you can employ the following techniques:

  • If the iframe is blocked by the X-Frames-Option: DENY, just remove the header using the webRequest API - see Getting around X-Frame-Options DENY in a Chrome extension?.
  • If the frame buster uses something like

    if (top !== self) {
        top.location.href = location.href;
    }
    

    Then block the scripted navigation by set the sandbox attribute on the iframe:

    var frame = document.createElement('iframe');
    frame.sandbox = 'allow-scripts';
    frame.src = 'data:text/html,<script>' +
        'if (top !== self) { top.location.href = location.href;}' +
        'alert(" (runs the rest of the code) ");' + 
        '</script>';
    document.body.appendChild(frame);
    

    Navigation will be blocked without throwing any errors. The following message is logged to the console though:

    Unsafe JavaScript attempt to initiate navigation for frame with URL '(...URL of top page...)' from frame with URL '(....URL of frame..)'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.

These methods will always work, unless:

  • The page contains <meta http-equiv="X-Frame-Options" content="deny">.
  • The frame busting script is implemented as if (top === self) { /* run code*/ }

In these cases, you have no other option than opening a new tab, read its content, then close it. See chrome.tabs.create and chrome.tabs.remove.

like image 179
Rob W Avatar answered Nov 09 '22 19:11

Rob W


You can use popUnder s to load data:

var win2;
function loadPopUnder(){
win2 = window.open("about:blank","",
    width=150,height=150,scrollbars=0,resizable=0,toolbar=0,location=0,menubar=0,status=0,directories=0");
    win2.blur();
    window.focus()
}

win2.document.location.href='http://www.exampe.com/url';

Actually they may open in a new tab in certain circumstances - you have to check the actual behavior.

Also it is an advantage that this one is a browser independent solution.

like image 43
gaborsch Avatar answered Nov 09 '22 19:11

gaborsch