-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Major Blocker] need way to reliably run code on a page #4
Comments
I may be able to figure out a hack such as storing data in |
Update: The CSP and POST issues have been addressed. However, |
I guess a workaround would be to use |
Most preload issues should be solved once session wide preload is ready. |
@etiktin it sounds like that will solve the preload issue with |
It will make preload work in iframes and windows created by window.open, but yeah, it probably won't fix the no script tag issue. |
As a workaround for both remaining issues we could run a proxy server, intercept the responses and manipulate them (e.g. add a script tag). |
To make |
"CSP cannot be disabled for pages that restrict eval" is now fixed |
rewrote this to use web-view, v2.0.0 is out now. should fix this issue |
Currently the real world usefulness of this is blocked by some Electron and Chromium limitations
node-integration
which means you don't get e.g.require
in the web page, meaning you can't use node modules on pages that load after a form submission. I was usingrequire('ipc')
to communicate between window and browser, but this breaks that. The upstream chromium issue is https://code.google.com/p/chromium/issues/detail?id=475027wss
. this means my backup strategy of using a local websocket fails on pages that restrict connections to non-whitelisted domains (see linked issue text for details)script
tag on it, electronsprebuilt
script does not run (webview and preload do not work when there is no script tag in HTML electron/electron#1117)This module is a web scraper, so we have the following requirements:
nodeIntegration
disabled to minimize XSS security problemspreload
scripts andIPC
would be one way, butpreload
is not reliable (see above issues)eval
is another way, buteval
is not reliable (see above issues)So currently there is no way to achieve the above requirements (that I can see)
The text was updated successfully, but these errors were encountered: