劫持一个用于Chrome的userscript变量 [英] Hijacking a variable with a userscript for Chrome

问题描述

我试图用脚本改变页面中的变量。
我知道在源代码中有一个变量

  var smilies = false; 
  

理论上我应该可以像这样改变它：

  unsafeWindow.smilies = true; 
  

但它不起作用。当我试图提醒或记录变量到控制台没有劫持时，我得到它是未定义的。

  alert（unsafeWindow。表情符号）; //未定义
  

编辑：我使用Chrome如果它改变任何东西...

http：//代码。 google.com/chrome/extensions/content_scripts.html 表示：

内容脚本在特殊环境中执行，称为隔离型
世界。他们可以访问他们注入的页面的DOM，
，但不能访问由该页面创建的任何JavaScript变量或函数。
它看起来像每个内容脚本，就好像没有其他JavaScript
在它正在运行的页面上执行。

这是关于Chrome扩展程序的，但我想这与使用者脚本也是一样的故事？

感谢Rob W. So为需要它的人提供的工作代码：

  var scriptText =smilies = true;; 
 var rwscript = document.createElement（script）; 
 rwscript.type =text / javascript; 
 rwscript.textContent = scriptText; 
 document.documentElement.appendChild（rwscript）; 
 rwscript.parentNode.removeChild（rwscript）; 
  

解决方案

在内容脚本（Chrome扩展程序），页面的全局窗口对象和内容脚本的全局对象。

• 要注入代码，脚本标记必须注入 。
  
• 覆盖变量很简单。
  
  覆盖变量，目的是防止变量被覆盖，需要使用 Object.defineProperty ^{Example + notes} 。

最终的内容脚本代码：

  //这个函数将被字符串化，并注入页面
 var code = function（）{ 
 //窗口与页面窗口相同，因为此脚本被注入
 Object.defineProperty（window，'smilies'，{
 value：true 
}）; 
 //或简单地说：window.smilies = true; 
}; 
 var script = document.createElement（'script'）; 
 script.textContent ='（'+ code +'）（）'; 
（document.head || document.documentElement）.appendChild（script）; 
 script.parentNode.removeChild（script）; 
  

I'm trying to change the variable in a page using a userscript. I know that in the source code there is a variable

var smilies = false;

In theory I should be able to change it like that:

unsafeWindow.smilies = true;

But it doesn't work. When I'm trying to alert or log the variable to the console without hijacking I get that it's undefined.

alert(unsafeWindow.smilies); // undefined !!!

EDIT: I'm using Chrome if it changes anything...

http://code.google.com/chrome/extensions/content_scripts.html says:

Content scripts execute in a special environment called an isolated world. They have access to the DOM of the page they are injected into, but not to any JavaScript variables or functions created by the page. It looks to each content script as if there is no other JavaScript executing on the page it is running on.

It's about Chrome Extensions but I guess it's the same story with Userscripts too?

Thank you, Rob W. So the working code for people who need it:

var scriptText = "smilies = true;";
var rwscript = document.createElement("script");
rwscript.type = "text/javascript";
rwscript.textContent = scriptText;
document.documentElement.appendChild(rwscript);
rwscript.parentNode.removeChild(rwscript);

解决方案

In Content scripts (Chrome extensions), there's a strict separation between the page's global window object, and the content script's global object.

• To inject the code, a script tag has to be injected.
• Overwriting a variable is straightforward.
  Overwriting a variable, with the intention of preventing the variable from being overwritten requires the use of Object.defineProperty ^{Example + notes}.

The final Content script's code:

// This function is going to be stringified, and injected in the page
var code = function() {
    // window is identical to the page's window, since this script is injected
    Object.defineProperty(window, 'smilies', {
        value: true
    });
    // Or simply: window.smilies = true;
};
var script = document.createElement('script');
script.textContent = '(' + code + ')()';
(document.head||document.documentElement).appendChild(script);
script.parentNode.removeChild(script);

这篇关于劫持一个用于Chrome的userscript变量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！