尽管使用了@match和@include设置，Chrome用户仍然在所有页面上触发 [英] Chrome userscript fires on all pages despite @match and @include settings

问题描述

我使用match来限制我的脚本只能使用一个域，但chrome会在每个域中运行它。我试着安装时试过 @include 和 @match ，它显示访问所有网站上的数据并在所有网站上运行它。

如何限制userscript到chrome中的一个域？

与此页面相同：。

使用include（ Include，not match.user.js ）的ANSI脚本报告这些权限：

虽然这是一个误导性报告，该脚本实际上将正确运行。也就是说，它只会触发雅虎页面。

这部分归因于Chrome如何将用户脚本自动转换为扩展名。 @match 语句直接转换为 manifest.json 的匹配属性，而 @include 语句被制作为 include_globs 值。请参阅匹配图案和图案。
匹配数组的权限报告键。

I use match to restrict my script to work only one domain but chrome runs it in every domain. I tried @include and @match and it says "Access your data on all websites" when I try to install it and it runs it in all websites.

How can I restrict userscript to one domain in chrome?

Metadata is same as this page: http://www.chromium.org/developers/design-documents/user-scripts

I mean it's:

// @match http://*.google.com/*
// @match http://www.google.com/*

解决方案

_{Note: this answer developed between the OP and Rob W.   Placing it here in the hopes that this question might be useful to others without having to sift through the comment chain, above.}

---

There are two issues. First, a userscript header does not parse if a UTF8 BOM is present (Chromium bug 102667).

Second, when using @include versus @match in a userscript, Chrome misleadingly reports that the script can "Access your data on all websites", but this is not really true. The script will run on only those sites specified by the include statement(s).

Consider (or make) these three scripts:

UTF test, not UTF.user.js (save with ANSI encoding):

// ==UserScript==
// @name    Not UTF source file
// @match   http://www.yahoo.com/*
// ==/UserScript==
if (location.hostname != 'www.yahoo.com')
  alert ("This script should not run on "+location.hostname+"!");

UTF test, is UTF.user.js (save with UTF-8 encoding, including the BOM):

// ==UserScript==
// @name    Is UTF source file
// @match   http://www.yahoo.com/*
// ==/UserScript==
if (location.hostname != 'www.yahoo.com')
  alert ("This script should not run on "+location.hostname+"!");

Include, not match.user.js (save with ANSI encoding):

// ==UserScript==
// @name    Use include, not match
// @include http://www.yahoo.com/*
// ==/UserScript==
if (location.hostname != 'www.yahoo.com')
  alert ("This script should not run on "+location.hostname+"!");

Note that all 3 scripts are the same code. Only the @name and/or the file-format and/or @include versus @match are different.

---

The ANSI script, with match (UTF test, not UTF.user.js) reports these permissions:

This script operates and reports correctly, and as expected.

The UTF-8 script, with match (UTF test, is UTF.user.js) reports these permissions:

The permissions are reported incorrectly, contradicting the @match statement(s). Also note that the file-name is shown, URL-encoded, instead of the @name directive. These are both clues that something is amiss.

Worse, this script will operate on all sites. That is, you will see the alert() on all non-Yahoo pages. This is clearly a bug.

The ANSI script, with include (Include, not match.user.js) reports these permissions:

While this is a misleading report, the script will actually operate correctly. That is, it will only fire for yahoo pages.

This is due in part to how Chrome auto-converts userscripts into extensions. @match statements are translated directly into the manifest.json's matches property, while @include statements are made into include_globs values. See Match patterns and globs. The permissions report keys off the matches array.

这篇关于尽管使用了@match和@include设置，Chrome用户仍然在所有页面上触发的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！