Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Chrome extension: loading a hidden page (without iframe)

Tags:

google-chrome

google-chrome-extension

Is there a way to load a page, hidden from the user?

I can't use an iframe in a background page, because the page has frame-busting techniques.

I can't use an XHR, because the page has AJAX - I need its (dynamically generated) DOM.

like image 467
Chris Broadfoot Avatar asked Jun 25 '13 13:06

Chris Broadfoot

2 Answers

I'm afraid that you don't have any other option than inserting the iframe anyway. To bust the iframe buster, you can employ the following techniques:

  • If the iframe is blocked by the X-Frames-Option: DENY, just remove the header using the webRequest API - see Getting around X-Frame-Options DENY in a Chrome extension?.

  • If the frame buster uses something like

    if (top !== self) {
    top.location.href = location.href;
}

    Then block the scripted navigation by set the sandbox attribute on the iframe:

    var frame = document.createElement('iframe');
frame.sandbox = 'allow-scripts';
frame.src = 'data:text/html,<script>' +
    'if (top !== self) { top.location.href = location.href;}' +
    'alert(" (runs the rest of the code) ");' + 
    '</script>';
document.body.appendChild(frame);

    Navigation will be blocked without throwing any errors. The following message is logged to the console though:

    Unsafe JavaScript attempt to initiate navigation for frame with URL '(...URL of top page...)' from frame with URL '(....URL of frame..)'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.

These methods will always work, unless:

  • The page contains <meta http-equiv="X-Frame-Options" content="deny">.
  • The frame busting script is implemented as if (top === self) { /* run code*/ }

In these cases, you have no other option than opening a new tab, read its content, then close it. See chrome.tabs.create and chrome.tabs.remove.

like image 179
Rob W Avatar answered Nov 09 '22 19:11

Rob W

You can use popUnder s to load data:

var win2;
function loadPopUnder(){
win2 = window.open("about:blank","",
    width=150,height=150,scrollbars=0,resizable=0,toolbar=0,location=0,menubar=0,status=0,directories=0");
    win2.blur();
    window.focus()
}

win2.document.location.href='http://www.exampe.com/url';

Actually they may open in a new tab in certain circumstances - you have to check the actual behavior.

Also it is an advantage that this one is a browser independent solution.

like image 43
gaborsch Avatar answered Nov 09 '22 19:11

gaborsch
Sign in to Comment

Related questions

Video element disappears in Chrome when not using controls
Chrome Extension: Hide and show the browser action icon
Google Chrome does not want to play mp4 using mediaelement.js
How to safely close Google Chrome programmatically
Last option in Drop-down is not getting hover effect in Google Chrome 32.0.1700.76 m
Using browser's certificate in java program
profiling anonymous javascript functions (chrome)
Is possible to spoof user-agent and OS with Chrome?
Can't Chrome's speechSynthesis work offline?
SVG images not loading on Chrome (sometimes)
Why copy function is not working inside setTimeout?
Can't get into Google Analytics without going into incognito
Get Google Chrome's root bookmarks folder
Skip links not working in Chrome
Input field leaving artifacts from CSS3 transition (in Chrome 15)
Issue with downloading PDF from S3 on Chrome
'window.open' blocked by Firefox
z-index chrome bug
Chrome says my website contains malware?
Change JavaScript files on Google Chrome's Developer Tools [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!