将javascript代码注入匿名函数作用域 [英] Inject javascript code into anonymous function scope
问题描述
我有这种脚本需要注入
! function(e) {
function doSomething()
{
}
}
基本上,当我的代码通过Function 对象调用时,我得到了对doSomething 的引用,但我需要挂钩到doSomething,因此我需要对id 的原始引用.由于 doSomething 是在匿名函数中声明的,因此我无法访问它.问题是,我能否以某种方式将代码注入匿名函数、Greesemonkey 或任何其他工具的范围内.
Basically I get a reference to doSomething, when my code is called via Function object, but I need to hook to doSomething, so I need an original reference to id. Since doSomething is declared inside anonymous function I can't get to it. Question is, can I somehow inject code into the scope of anonymous function, Greesemonkey or any other tool.
推荐答案
嘿,伙计,我在谷歌搜索后看到你的问题,因为我对同一主题感兴趣,但我有点沮丧其他人的看法似乎不明白你在问什么......但经过一番思考,我实际上提出了一个解决方案!
Hey man I saw you're question after doing a google search, because I was interested in this same topic, and I was a bit frustrated how other people didn't seem to understand what you were asking... but after some thought, I actually proposed a solution!
首先我会告诉你如果你要写一个chrome扩展怎么做,这是保证我们拦截脚本源的最简单的方法,但也有一种不做扩展的方法,见下文.
First I'll show you how to do it if you were to write a chrome extension, which would be the simplest way to guarantee we are intercepting the script source, but there is also a way to do it without making an extension, see below further.
基本上,假设您有一些要为其编写插件的站点,其中包含一些 HTML 内容,例如:
Basically, say you have some site that you want to write an addon for, with some HTML content like:
<script src="http://www.someURL.com/someFile.js"></script>
文件 someFile.js 的内容如下:
and the file someFile.js has content like the following:
(function() {
function cantGetMeMethod() {
}
})();
因此用户在执行 HTML 的主页上无法获取函数cantGetMeMethod".
So the user, at the main page where the HTML is being executed, is unable to get the function "cantGetMeMethod".
问题是,如果我们能够简单地更改该 JavaScript 文件的源代码,我们可以轻松删除匿名函数包装,或者在底部插入某种全局变量引用.
The thing is, if we were able to simply change the source code of that JavaScript file, we could either easily remove the anonymous function wrap, or insert some kind of global variable reference to it at the bottom.
但是我们怎么可能从客户端更改 JavaScript 源代码?
这就是 chrome 扩展的用武之地.借助扩展,可以将在网站上任何地方发出的 HTTP 请求,甚至在页面加载之前,重定向到另一个网站.因此,例如,如果一个页面有如下图像:
That's where chrome extensions come in. With extensions, its possible to redirect an HTTP request that is made anywhere on the site, before the page even loads, to another website. So, for example, if a page had an image like:
<img src="http://example.com/somePic.png"></img>
扩展程序可以将所有从 example.com 发出的请求重定向到另一个网站,因此显示的真实图像(到带有扩展程序的客户端)实际上可以来自其他网站,并且是完全不同的图像!
the extension can redirect all requests made from example.com to another website, so the real image that is displayed (to the client with the extension) could be actually sourced at some other website, and be an entirely different image!
这与 JavaScript 有何关联?
How is this relevant to JavaScript?
因为同样的原理也适用于 JavaScript 源.我们所要做的就是找到对其他文件的 JavaScript 引用,并使用扩展名将 src URL 重定向到我们自己的服务器,并将原始 src URL 作为获取参数.因此,假设我们有一些 nodeJS 站点或托管在 http://www.myAwesomeNodeJSserverOrSomething.com 上的内容,因此我们将所有调用(或至少相关脚本调用)重定向到 http://www.someURL.com/someFile.js 到 http://www.myAwesomeNodeJSserverOrSomething.com/http://www.someURL.com/someFile.js
Because the same principle could work by JavaScript sources also. All we have to do is find the JavaScript references to other files, and, with the extension, redirect the src URL to our own server, with the original src URL as a get paramter. So say we have some nodeJS site or something hosted at http://www.myAwesomeNodeJSserverOrSomething.com, so we redirect all calls (or at least the relevant script calls) made to http://www.someURL.com/someFile.js to http://www.myAwesomeNodeJSserverOrSomething.com/http://www.someURL.com/someFile.js
然后在 nodeJS 端做一些类似的事情:
and then on the nodeJS side do something like:
require("http")
.createServer((q,r) => {
http.get(q.url.slice(1), req => {
let str = "";
req.on("data", d => str += d.toString())
req.on("end", () => {
let newCode = someFunctionThatModifiesCode(str);
r.end(newCode);
});
}); //pseudocode obviously, check for errors etc. for real
}).listen(8080);
现在页面已经修改了其中的 JavaScript 代码!那么我们如何制作一个快速的扩展来重定向标头呢?首先,创建一个新目录,并在其中创建一个名为 manifest.json 的文件,如下所示:
and now the page has modified JavaScript code in it! So how do we make a quick extension that redirects the headers? First, make a new directory, and make in it a file called manifest.json, like this:
{
"name":"JavaScript cracking the codes",
"version":"1.0",
"description":"hi",
"manifest_version":2,
"permissions": [
"webRequest",
"webRequestBlocking",
"<all_urls>"
],
"background": {
"scripts":["lol.js"],
"persistent": true
}
}
现在在同一目录下创建一个新文件lol.js",并放入如下内容:
now make a new file "lol.js" in the same directory, and put in it something like this:
let otherServer = "http://www.myAwesomeNodeJSserverOrSomething.com",
urlsToRedirect = [ //list of javascript files that need fine tuning
"http://www.someURL.com/someFile.js",
"http://www.someURL.com/someFile2.js",
"http://www.someURL.com/someFile3.js",
];
chrome.webRequest.onBeforeRequest.addListener(
details => {
if(
urlsToRedirect.includes(
details
.url
)
) {
{
redirectUrl: (
otherServer
+ "/"
+ details.url
)
}
}
},
{urls: ["<all_urls>"]},
["blocking"]
);
(警告:未经测试的代码)
(warning: untested code)
然后转到 chrome 设置,进入开发者模式,然后加载一个新的扩展程序,然后选择该文件夹.
And go to chrome settings, put in in developer mode, and load in a new extension, and select that folder.
此外,如果您自己只是这样做,那么在没有扩展名的情况下执行此操作的方法是在页面加载之前注入一个mutationobserver脚本,其中包含诸如tamper monkey之类的东西.有关更多信息,请参见 https://github.com/CertainPerformance/Stack-Exchange-Userscripts/blob/master/obsolete/Experiment-Off/StackExperimentOff.user.js https://stackoverflow.com/a/59424277/2016831如果这能帮您解决问题,请告诉我.
Also, the way to do it without an extension, if you yourself were just doing it, would be to inject a mutationobserver script before the page loads, with somethinng like tamper monkey. For more on this see https://github.com/CertainPerformance/Stack-Exchange-Userscripts/blob/master/obsolete/Experiment-Off/StackExperimentOff.user.js https://stackoverflow.com/a/59424277/2016831 Let me know if that solves it for you.
这篇关于将javascript代码注入匿名函数作用域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
