可选地注入内容脚本 [英] Optionally inject Content Script
问题描述
内容脚本可以通过在扩展清单文件中声明以编程方式或永久注入.程序注入需要主机权限,一般是浏览器或页面动作授予.
Content Script can be injected programatically or permanently by declaring in Extension manifest file. Programatic injection require host permission, which is generally grant by browser or page action.
在我的用例中,我想在没有用户操作的情况下注入 gmail、outlook.com 和 yahoo 邮件网站.我可以通过声明所有这些清单来实现,但这样做需要访问这些帐户的所有数据.某些用户可能只想授予 Outlook.com,而不授予 gmail.程序注入不起作用,因为我需要知道何时注入.使用选项卡权限还需要其他权限.
In my use case, I want to inject gmail, outlook.com and yahoo mail web site without user action. I can do by declaring all of them manifest, but by doing so require all data access to those account. Some use may want to grant only outlook.com, but not gmail. Programatic injection does not work because I need to know when to inject. Using tabs permission is also require another permission.
有什么好的方法可以选择性地注入网站吗?
Is there any good way to optionally inject web site?
推荐答案
如果没有适当的权限,您将无法在站点上运行代码.幸运的是,您可以在 optional_permissions 中添加主机权限manifest 文件来声明它们是可选的,并且仍然允许扩展使用它们.
You cannot run code on a site without the appropriate permissions. Fortunately, you can add the host permissions to optional_permissions in the manifest file to declare them optional and still allow the extension to use them.
响应用户手势,您可以使用 chrome.permission.request 请求额外的权限.此 API 只能用于扩展页面(背景页面、弹出页面、选项页面等).从 Chrome 36.0.1957.0 开始,所需的用户手势也从内容脚本中继承,所以如果你愿意,你可以从内容脚本中添加一个点击事件侦听器并使用 chrome.runtime.sendMessage 将请求发送到后台页面,后台页面依次调用 chrome.permissions.request.
In response to a user gesture, you can use chrome.permission.request to request additional permissions. This API can only be used in extension pages (background page, popup page, options page, ...). As of Chrome 36.0.1957.0, the required user gesture also carries over from content scripts, so if you want to, you could add a click event listener from a content script and use chrome.runtime.sendMessage to send the request to the background page, which in turn calls chrome.permissions.request.
获得主机权限(可选或强制)后,您必须以某种方式在匹配页面中注入内容脚本(或 CSS 样式).有几个选项,按我的喜好排序:
After obtaining the host permissions (optional or mandatory), you have to somehow inject the content script (or CSS style) in the matching pages. There are a few options, in order of my preference:
使用
chrome.declarativeContent.RequestContentScript操作在页面中插入内容脚本.如果您想了解如何使用此 API,请阅读文档.
使用 webNavigation API(例如 chrome.webNavigation.onCommitted) 来检测用户何时有导航到页面,然后使用 chrome.tabs.executeScript 在选项卡中插入内容脚本(或 chrome.tabs.insertCSS 插入样式).
Use the webNavigation API (e.g. chrome.webNavigation.onCommitted) to detect when the user has navigated to the page, then use chrome.tabs.executeScript to insert the content script in the tab (or chrome.tabs.insertCSS to insert styles).
使用 tabs API(chrome.tabs.onUpdated) 来检测页面可能有更改,并使用 chrome.tabs.executeScript 在页面中插入内容脚本.
Use the tabs API (chrome.tabs.onUpdated) to detect that a page might have changed, and insert a content script in the page using chrome.tabs.executeScript.
我强烈推荐选项 1,因为它是专门为此用例设计的.注意:此 API 已在 Chrome 38 中添加,但仅适用于可选权限 自 Chrome 39 起.尽管有警告:此操作仍处于试验阶段,在 Chrome 的稳定版本上不受支持." 在文档中,该 API 实际上是在稳定版上支持的.最初的想法是等待审核,然后再将 API 发布到稳定版,但该审查从未到来,所以现在这个 API 已经运行了将近两年.
I strongly recommend option 1, because it was specifically designed for this use case. Note: This API was added in Chrome 38, but only worked with optional permissions since Chrome 39. Despite the "WARNING: This action is still experimental and is not supported on stable builds of Chrome." in the documentation, the API is actually supported on stable. Initially the idea was to wait for a review before publishing the API on stable, but that review never came and so now this API has been working fine for almost two years.
第二个和第三个选项类似.两者之间的区别在于使用 webNavigation API 添加了额外的权限警告(阅读您的浏览历史记录").对于此警告,您将获得一个可以有效过滤导航的 API,因此可以最大限度地减少 chrome.tabs.executeScript 调用的次数.
The second and third options are similar. The difference between the two is that using the webNavigation API adds an additional permission warning ("Read your browsing history"). For this warning, you get an API that can efficiently filter the navigations, so the number of chrome.tabs.executeScript calls can be minimized.
如果你不想在你的权限对话框中放置这个额外的权限警告,那么你可以盲目地尝试在每个选项卡上注入.如果你的扩展有权限,那么注入就会成功.否则,它失败.这听起来效率不高,而且也不是... ...从好的方面来说,这种方法不需要任何额外的权限.
If you don't want to put this extra permission warning in your permission dialog, then you could blindly try to inject on every tab. If your extension has the permission, then the injection will succeed. Otherwise, it fails. This doesn't sound very efficient, and it is not... ...on the bright side, this method does not require any additional permissions.
通过使用后两种方法中的任何一种,您的内容脚本的设计方式必须能够处理多次插入(例如 使用守卫).也支持插入框架 (allFrames:true),但前提是允许您的扩展程序访问选项卡的 URL(或框架的 URL,如果 frameId 已设置).
By using either of the latter two methods, your content script must be designed in such a way that it can handle multiple insertions (e.g. with a guard). Inserting in frames is also supported (allFrames:true), but only if your extension is allowed to access the tab's URL (or the frame's URL if frameId is set).
这篇关于可选地注入内容脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
