<p>I'm creating a UserScript extension for Firefox & Chrome and I'm trying to use some of the code in the website's JavaScript, e.g.:</p> <pre class="prettyprint"><code>function: myFunction(){ return Grooveshark.playNextSong(); } </code></pre> <p>The problem is when I test this code, <code>Grooveshark</code> is a null reference.</p> <p>I know there are other people who have done it:</p> <p>see BetterGrooveshark</p> <p>But I don't know why my simple extension can't call Grooveshark's JavaScript functions.</p> <p>Do I need to 'append' my script to the document in order for this to work?: <code>document.document.body.appendChild(script);</code></p> <p>Doesn't Greasemonkey inject my extensions JavaScript already? Can someone clarify this for me please.</p> <p>Thanks.</p>

<p>Functions and variables declared in your GreaseMonkey scripts (and Chrome's user scripts) are kept separate from the ones declared by the web page, for obvious reasons. For GM scripts in Firefox, you can access global variables via <code>unsafeWindow</code>.</p> <p>The best approach for safety and compatibility is to inject your functions into the page using a script element.&ensp;I use the following snippet in my user scripts:</p> <pre class="prettyprint"><code>function addFunction(func, exec) { var script = document.createElement("script"); script.textContent = "-" + func + (exec ? "()" : ""); document.body.appendChild(script); } </code></pre> <p>The <code>"-"</code> here makes certain the function is parsed as an expression so that <code>exec</code> can be used to immediately execute upon adding it.&ensp;You call the function like so:</p> <pre class="prettyprint"><code>function myFunction () { return Grooveshark.playNextSong(); } // Inject the function and execute it: addFunction(myFunction, true); </code></pre>

<h3>Background</h3> <blockquote> <p>Doesn't Greasemonkey inject my extensions JavaScript already? Can someone clarify this for me please.</p> </blockquote> <p>Greasemonkey executes your scripts in a sandbox, which is a restricted environment without direct access to the JavaScript in the page. Earlier versions of Greasemonkey injected scripts directly into the page, but this introduced serious security vulnerabilities. In the old model, scripts ran with the elevated rights of the browser chrome, which allowed remote pages to access Greasemonkey's built-in functions using some clever JavaScript. This was bad:</p> <blockquote> <p>Greasemonkey scripts contained their own GM_xmlhttprequest object which, unlike a normal xmlttprequest object, could access any local files one one's computer or make arbitrary requests to arbitrary sites without regard for the same origin policy that typically applies to xmlhttprequest. (source)</p> </blockquote> <p>When you access the <code>window</code> object from a Greasemonkey script today, what you get is a wrapper object that indirectly references the actual <code>window</code>'s properties. This wrapper object can be modified safely, but has important limitations. Access to the actual window object is provided by <code>unsafeWindow</code> (shorthand for <code>window.wrappedJSObject</code>). Use of <code>unsafeWindow</code> re-opens all of Greasemonkey's original security problems and isn't available in Chrome. It should be avoided wherever possible.</p> <p>The good news: there are at least two ways to work with Greasemonkey's new security model in a safe way.</p> <h3>Script Injection</h3> <p>Now that Greasemonkey scripts can safely access the DOM, it's trivial to inject a <code><script></code> tag into the <code><head></code> of the target document. Create a function like this:</p> <pre class="prettyprint"><code>function exec(fn) { var script = document.createElement('script'); script.setAttribute("type", "application/javascript"); script.textContent = '(' + fn + ')();'; document.body.appendChild(script); // run the script document.body.removeChild(script); // clean up } </code></pre> <p>It's simple to use:</p> <pre class="prettyprint"><code>exec(function() { return Grooveshark.playNextSong(); }); </code></pre> <h3>Location Hack</h3> <p>Script injection may be overkill in some cases, especially when all you need is to modify the value of a variable in the page or execute a single function. The Location Hack leverages <code>javascript:</code> URLs to access code in the document's content. It's a lot like running a bookmarklet from within a Greasemonkey script. </p> <pre class="prettyprint"><code>location.assign("javascript:Grooveshark.playNextSong();void(0)"); </code></pre> <h3>Bonus Script</h3> <p>Here's a complete Greasemonkey script that demonstrates the examples above. You can run it on this page.</p> <pre class="prettyprint"><code>// ==UserScript== // @name Content Function Test // @namespace lwburk // @include http://stackoverflow.com/questions/5006460/userscripts-greasemonkey-calling-a-websites-javascript-functions // ==/UserScript== function exec(fn) { var script = document.createElement('script'); script.setAttribute("type", "application/javascript"); script.textContent = '(' + fn + ')();'; document.body.appendChild(script); // run the script document.body.removeChild(script); // clean up } window.addEventListener("load", function() { // script injection exec(function() { // alerts true if you're registered with Stack Overflow alert('registered? ' + isRegistered); }); // location hack location.assign("javascript:alert('registered? ' + isRegistered);void(0)"); }, false); </code></pre>

UserScripts & Greasemonkey: calling a website's JavaScript functions

I'm creating a UserScript extension for Firefox & Chrome and I'm trying to use some of the code in the website's JavaScript, e.g.:

function: myFunction(){     return  Grooveshark.playNextSong(); }

The problem is when I test this code, Grooveshark is a null reference.

I know there are other people who have done it:

see BetterGrooveshark

But I don't know why my simple extension can't call Grooveshark's JavaScript functions.

Do I need to 'append' my script to the document in order for this to work?: document.document.body.appendChild(script);

Doesn't Greasemonkey inject my extensions JavaScript already? Can someone clarify this for me please.

Thanks.

What can I do with userscripts?

You can think of them as a cosmetic makeover of the web apps that you use. Userscripts are browser-specific and website-specific; a particular script, if installed and supported by your browser, will work only for a particular website (or a group of websites).

Functions and variables declared in your GreaseMonkey scripts (and Chrome's user scripts) are kept separate from the ones declared by the web page, for obvious reasons. For GM scripts in Firefox, you can access global variables via unsafeWindow.

The best approach for safety and compatibility is to inject your functions into the page using a script element. I use the following snippet in my user scripts:

function addFunction(func, exec) {   var script = document.createElement("script");   script.textContent = "-" + func + (exec ? "()" : "");   document.body.appendChild(script); }

The "-" here makes certain the function is parsed as an expression so that exec can be used to immediately execute upon adding it. You call the function like so:

function myFunction () {     return Grooveshark.playNextSong(); }  // Inject the function and execute it: addFunction(myFunction, true);

Background

Doesn't Greasemonkey inject my extensions JavaScript already? Can someone clarify this for me please.

Greasemonkey executes your scripts in a sandbox, which is a restricted environment without direct access to the JavaScript in the page. Earlier versions of Greasemonkey injected scripts directly into the page, but this introduced serious security vulnerabilities. In the old model, scripts ran with the elevated rights of the browser chrome, which allowed remote pages to access Greasemonkey's built-in functions using some clever JavaScript. This was bad:

Greasemonkey scripts contained their own GM_xmlhttprequest object which, unlike a normal xmlttprequest object, could access any local files one one's computer or make arbitrary requests to arbitrary sites without regard for the same origin policy that typically applies to xmlhttprequest. (source)

When you access the window object from a Greasemonkey script today, what you get is a wrapper object that indirectly references the actual window's properties. This wrapper object can be modified safely, but has important limitations. Access to the actual window object is provided by unsafeWindow (shorthand for window.wrappedJSObject). Use of unsafeWindow re-opens all of Greasemonkey's original security problems and isn't available in Chrome. It should be avoided wherever possible.

The good news: there are at least two ways to work with Greasemonkey's new security model in a safe way.

Script Injection

Now that Greasemonkey scripts can safely access the DOM, it's trivial to inject a <script> tag into the <head> of the target document. Create a function like this:

function exec(fn) {     var script = document.createElement('script');     script.setAttribute("type", "application/javascript");     script.textContent = '(' + fn + ')();';     document.body.appendChild(script); // run the script     document.body.removeChild(script); // clean up }

It's simple to use:

exec(function() {     return Grooveshark.playNextSong(); });

Location Hack

Script injection may be overkill in some cases, especially when all you need is to modify the value of a variable in the page or execute a single function. The Location Hack leverages javascript: URLs to access code in the document's content. It's a lot like running a bookmarklet from within a Greasemonkey script.

location.assign("javascript:Grooveshark.playNextSong();void(0)");

Bonus Script

Here's a complete Greasemonkey script that demonstrates the examples above. You can run it on this page.

// ==UserScript== // @name           Content Function Test // @namespace      lwburk // @include        http://stackoverflow.com/questions/5006460/userscripts-greasemonkey-calling-a-websites-javascript-functions // ==/UserScript==  function exec(fn) {     var script = document.createElement('script');     script.setAttribute("type", "application/javascript");     script.textContent = '(' + fn + ')();';     document.body.appendChild(script); // run the script     document.body.removeChild(script); // clean up }  window.addEventListener("load", function() {     // script injection     exec(function() {         // alerts true if you're registered with Stack Overflow         alert('registered? ' + isRegistered);     });     // location hack     location.assign("javascript:alert('registered? ' + isRegistered);void(0)"); }, false);

UserScripts & Greasemonkey: calling a website's JavaScript functions

Tags:

javascript

google-chrome-extension

greasemonkey

userscripts

sebastian

People also ask

2 Answers

Andy E

Background

Script Injection

Location Hack

Bonus Script

Wayne

Recent Activity

Donate For Us

UserScripts & Greasemonkey: calling a website's JavaScript functions

Tags:

javascript

google-chrome-extension

greasemonkey

userscripts

sebastian

People also ask

2 Answers

Andy E

Background

Script Injection

Location Hack

Bonus Script

Wayne

Related questions

Recent Activity

Donate For Us