All geek questions in one place

How to check if the site allowed Javascript to be entered in your bookmarklet?

I have a bookmarklet that injects Javascript into the page and opens an iframe with the HTML page I created, which allows the user to subscribe to the page directly from my bookmarklet.

The problem is that certain domains (Twitter and Facebook - two) do not allow me to enter Javascript, so I need to pop up a window.

Javascript console when on Facebook:

The script script name was denied because it violates the following content security policy directive: "script -src https: //.facebook.com http: //.facebook.com https: //.fbcdn.net http: //.fbcdn .net * .facebook.net * .google-analytics.com * .virtualearth.net.google.com 127.0.0.1: * .spotilocal.com: * chrome-extension: // lifbcibllhkdhoafpjfnlhfpfgnpldfl 'unsafe-inline' '' insecure-eval 'https: //.akamaihd.net http: //.akamaihd.net * .atlassolutions.com ".

Right now in my bookmark, I'm just checking to see if the URL matches these domains before I try to add JS, and if that happens, I will open a new window. For obvious reasons, this is not a good practice.

What is a good method of checking whether the Javascript function can be launched on the current page or not, and if not, to open a new window?

+4
2

, script . , script - . , , -, script - , , .

: , . Chrome Firefox Windows. :

newScript.addEventListener('error', function(){ console.log('script failed to load') });

, , , script, , , HTTP AJAX.

. Facebook.

req = new XMLHttpRequest;
req.onreadystatechange = function(){if (req.readyState==4) console.log(req.getResponseHeader('content-security-policy'))};
req.open("HEAD", document.location.href);
req.send();
+4

. , - , . -. try-catch, , .

0

Source: https://habr.com/ru/post/1527011/

More articles:


All Articles