Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Hijacking a variable with a userscript for Chrome

I'm trying to change the variable in a page using a userscript. I know that in the source code there is a variable

var smilies = false;

In theory I should be able to change it like that:

unsafeWindow.smilies = true;

But it doesn't work. When I'm trying to alert or log the variable to the console without hijacking I get that it's undefined.

alert(unsafeWindow.smilies); // undefined !!!

EDIT: I'm using Chrome if it changes anything...

http://code.google.com/chrome/extensions/content_scripts.html says:

Content scripts execute in a special environment called an isolated world. They have access to the DOM of the page they are injected into, but not to any JavaScript variables or functions created by the page. It looks to each content script as if there is no other JavaScript executing on the page it is running on.

It's about Chrome Extensions but I guess it's the same story with Userscripts too?

Thank you, Rob W. So the working code for people who need it:

var scriptText = "smilies = true;";
var rwscript = document.createElement("script");
rwscript.type = "text/javascript";
rwscript.textContent = scriptText;
document.documentElement.appendChild(rwscript);
rwscript.parentNode.removeChild(rwscript);
like image 558
Badr Hari Avatar asked May 07 '12 16:05

Badr Hari


1 Answers

In Content scripts (Chrome extensions), there's a strict separation between the page's global window object, and the content script's global object.

  • To inject the code, a script tag has to be injected.
  • Overwriting a variable is straightforward.
    Overwriting a variable, with the intention of preventing the variable from being overwritten requires the use of Object.defineProperty Example + notes.

The final Content script's code:

// This function is going to be stringified, and injected in the page
var code = function() {
    // window is identical to the page's window, since this script is injected
    Object.defineProperty(window, 'smilies', {
        value: true
    });
    // Or simply: window.smilies = true;
};
var script = document.createElement('script');
script.textContent = '(' + code + ')()';
(document.head||document.documentElement).appendChild(script);
script.parentNode.removeChild(script);
like image 71
Rob W Avatar answered Oct 18 '22 15:10

Rob W