尽管使用了@match和@include设置,Chrome用户仍然在所有页面上触发 [英] Chrome userscript fires on all pages despite @match and @include settings
问题描述
我使用match来限制我的脚本只能使用一个域,但chrome会在每个域中运行它。我试着安装时试过 @include
和 @match
,它显示访问所有网站上的数据并在所有网站上运行它。
如何限制userscript到chrome中的一个域?
与此页面相同:。
使用include( Include,not match.user.js )的ANSI脚本报告这些权限:
虽然这是一个误导性报告,该脚本实际上将正确运行。也就是说,它只会触发雅虎页面。
这部分归因于Chrome如何将用户脚本自动转换为扩展名。 @match
语句直接转换为 manifest.json
的匹配
属性,而 @include
语句被制作为 include_globs
值。请参阅匹配图案和图案。
匹配
数组的权限报告键。
I use match to restrict my script to work only one domain but chrome runs it in every domain. I tried @include
and @match
and it says "Access your data on all websites" when I try to install it and it runs it in all websites.
How can I restrict userscript to one domain in chrome?
Metadata is same as this page: http://www.chromium.org/developers/design-documents/user-scripts
I mean it's:
// @match http://*.google.com/*
// @match http://www.google.com/*
Note: this answer developed between the OP and Rob W. Placing it here in the hopes that this question might be useful to others without having to sift through the comment chain, above.
There are two issues. First, a userscript header does not parse if a UTF8 BOM is present (Chromium bug 102667).
Second, when using @include
versus @match
in a userscript, Chrome misleadingly reports that the script can "Access your data on all websites", but this is not really true. The script will run on only those sites specified by the include statement(s).
Consider (or make) these three scripts:
UTF test, not UTF.user.js (save with ANSI encoding):
// ==UserScript==
// @name Not UTF source file
// @match http://www.yahoo.com/*
// ==/UserScript==
if (location.hostname != 'www.yahoo.com')
alert ("This script should not run on "+location.hostname+"!");
UTF test, is UTF.user.js (save with UTF-8 encoding, including the BOM):
// ==UserScript==
// @name Is UTF source file
// @match http://www.yahoo.com/*
// ==/UserScript==
if (location.hostname != 'www.yahoo.com')
alert ("This script should not run on "+location.hostname+"!");
Include, not match.user.js (save with ANSI encoding):
// ==UserScript==
// @name Use include, not match
// @include http://www.yahoo.com/*
// ==/UserScript==
if (location.hostname != 'www.yahoo.com')
alert ("This script should not run on "+location.hostname+"!");
Note that all 3 scripts are the same code. Only the @name
and/or the file-format and/or @include
versus @match
are different.
The ANSI script, with match (UTF test, not UTF.user.js) reports these permissions:
This script operates and reports correctly, and as expected.
The UTF-8 script, with match (UTF test, is UTF.user.js) reports these permissions:
The permissions are reported incorrectly, contradicting the @match
statement(s). Also note that the file-name is shown, URL-encoded, instead of the @name
directive. These are both clues that something is amiss.
Worse, this script will operate on all sites. That is, you will see the alert()
on all non-Yahoo pages. This is clearly a bug.
The ANSI script, with include (Include, not match.user.js) reports these permissions:
While this is a misleading report, the script will actually operate correctly. That is, it will only fire for yahoo pages.
This is due in part to how Chrome auto-converts userscripts into extensions. @match
statements are translated directly into the manifest.json
's matches
property, while @include
statements are made into include_globs
values. See Match patterns and globs.
The permissions report keys off the matches
array.
这篇关于尽管使用了@match和@include设置,Chrome用户仍然在所有页面上触发的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!