chrome extension remove script tags

Question

i looked everywhere trying to find an answer to this question. i want my extension to either disable all javascript on the page BUT to allow the insertion of a cotent script that will work. (so chrome.contentSettings.javascript is not a valid option for now) Alternatively i want a way to remove all script tags before any of them fire (which is kinda the same thing)

i tried inserting content scripts to runat:document_start but the dom is not fully there at the time. itried adding a conte t s ript on tabs.onUpdate when state is loading but that is too late and as well as content scripts at document_end (all of which who try to remove script tags) but it is still too late. in an act of desperation i tried altering the behavior of the getters and setters of element.innerHTML to. remove the tags but that did not work as well

i am trying to avoid sending an xhr request to location.href and parse and re_set the content as that is too intensive.

any ideas?

Answer 1

After seeing your comments I think this might suit your needs. It works by getting the page's source, render it to a DOM, disable all the JS and then put it back into the page. Not exactly what you wanted but should suit your case well...

mainfest.json

{
  "name": "Reload and Kill JS - Using a content script",
  "version": "1.0",
  "permissions": [
    "tabs", "<all_urls>" , "storage"
  ],
  "background": {
    "scripts": ["background.js"]
  },
   "content_scripts": [
    {
      "matches": ["<all_urls>"],
      "js": ["injectedCode.js"],
      "run_at" : "document_start"
    }
  ],
  "minimum_chrome_version" : "20",
  "manifest_version" : 2
}

background.js

chrome.storage.local.set({"blockhttp://paez.kodingen.com/":true});

injectedCode.js

reloadAndKillJS = function() {
    document.documentElement.innerHTML = 'Reloading Page...';
    
    var xhr = new XMLHttpRequest();
    
    xhr.open('GET', window.location.href, true);
    
    xhr.onerror = function() {
        document.documentElement.innerHTML = 'Error getting Page';
    }
    
    xhr.onload = function() {
        var page = document.implementation.createHTMLDocument("");
        page.documentElement.innerHTML = this.responseText;
    
        var newPage = document.importNode(page.documentElement,true);
    
        var nodeList = newPage.querySelectorAll('script');
        for (var i = 0; i < nodeList.length; ++i) {
            var node = nodeList[i];
            if (node.src) {
                node.setAttribute('original-src', node.src);
                node.removeAttribute('src');
            }
            node.innerText = '';
        }
    
        document.replaceChild(newPage, document.documentElement);
        delete page;
    
        // Do your thing here
    }
    
    xhr.send();
}
    
   
chrome.storage.local.get("block"+window.location.href,function(items) 
{
    if (items["block"+window.location.href]){
        window.stop();
        reloadAndKillJS();  
    }
});

Answer 2

Well, the only way to truly prevent scripts is with contentSettings. So you need to put your code somewhere else, in another domain, since contentSettings rules can be applied for specific URL's.

Put you content script to run at document start.

contentScript.js:

window.stop();
document.all[0].innerHTML = "\
<html>\
    <body>\
        <iframe src=\"chrome-extension://ID/inject.html?url="+encodeURIComponent(location.href)+"\"></iframe>\
    </body>\
</html>";

inject.html:

<html>
<head>
<script>
    var frame = document.querySelector('iframe');
    frame.src = location.search.replace('?url=', '');
    frame.onload = function() {
        //Your stuff here
    }
</script>
</head>
<body>
    <iframe></iframe>
</body>
<html>

Now your code is in a parent frame and in another domain, but it may cause some CORS issues which you can try found some workarounds later. Give a try, then tell me if there's something to fix.