-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use chrome.tabs.executeScript
when encountering javascript bookmarks
#3167
Conversation
Why do you think so? In my tests, I could use both |
And, |
Thanks for getting back to me! The reason for me believing initially that JavaScript bookmarks would no longer be supported in I receive an error in the browser console when trying to open a JS bookmark through the omnibar: Unchecked lastError value: Error: Illegal URL: javascript: (function() { const finncodeRegex = /finnkode=(\d+)/; const finncode = finncodeRegex.exec(window.location.search)[1]; if (finncode) { const TOKEN = 'tokentoknentoken'; window.location.assign( `https://www.finn.no/some/url/${finncode}?token=${encodeURIComponent( TOKEN )}` ); } })(); I also agree that we want to avoid exposing the users to all sorts of malicious scripts. I'll look into if formatting th JS bookmark properly will help solve the problem. |
Could you paste real JS URL again? The url in the lastError message does work on my Chrome. |
According to my tests, Chrome 71 does not allow "javascript:" urls in Update: document about changes of Chrome 71 is https://developer.chrome.com/extensions/tabs#property-updateProperties-url . |
Let me see if I know where we stand.
The fix is to use
We might have to just live with 1, if there's nothing else we can do. Re. 2... this wouldn't be a problem if we were starting from scratch and users were aware of the issue. However, if we suddenly start executing existing JS bookmarks in an environment with elevated permissions, then that's potentially a very serious matter. I'm not sure we can do that. |
Since `chrome.tabs.update()` no longer supports `javascript:` URLs, here we inject them into the page itself. Replaces philc#3167. Replaces philc#3209. Fixes philc#3178.
Great summary @smblott-github. This was superseded by #3437, so closing. |
This PR changes the behavior of
openUrlInCurrentTab
to usechrome.tabs.executeScript
whenever it encounters a JavaScript bookmark.chrome.tabs.update
does not support this anymore, resulting in an error whenever trying this.Tested in Both Chrome and Firefox 馃槃