I've just been updating a chrome plugin to manifest version 2. I've had no issues with permissions relating to javascript but the plugin has some image assets packaged with it that are no longer showing up.
The two specific cases are in popup notifications when the user interacts with the plugin in certain ways and some small images the plugin inserts into certain pages. In both cases the images are packaged with the plugin. I'm having no issue with the plugin loading images from external resources. My object-src setting in the content_security_policy includes 'self'.
What am I missing? I can open the images if I navigate to them directly via "chrome-extension:///some_img.png" so they are definitely there. I've used the webkit inspector and finding the img that has been inserted, right clicking on the img src and opening in a new tab also shows the img so the urls being inserted are correct (which they should be, I'm using the chrome.extension.getURL function).
UPDATE:
Setting img-src in the content_security_policy also did nothing. I don't know if chrome even uses that particular option but it's in the W3C spec.
After digging through the changelog for the last few chrome versions, I came across a new (added in Chrome 18) manifest option web_accessible_resources. This needs to be added to your manifest with a value that's a list of strings. The strings are paths in you plugin's directory to resources (imgs etc...) that you want to be accessible within web pages (or importantly, chrome desktop notifications). Adding this parameter to my manifest gave permissions for the necessary images to be loaded.
Related
I'd like to show several webpages in one Chrome window by either writing an app or an extension.
Genuine iframes won't do, because some webpages either disable loading in iframes, or otherwise problems with content-security-policy directives prevent this from working.
webview tags don't use the browser's extension set, or write to history and so on - they seem to be just kind of little browsers of their own.
App Windows would be nice if instead of having their own window, they could be embedded in a single host window.
What I'd like is several "iframe-like" components that act completely like a normal Chrome viewport from the loaded site's perspective, and upon which installed extensions work, etc. If I were able to install extensions inside a webview, that would work too.
Is there anything like this that I can use within a Chrome app or extension?
So ive been through several posts and searches, but im still at a loss for how to get Chrome to display images when the src attribute uses a file thats located on another server. Im getting the image and setting its path via a custom file browser that Im hooking into CKeditor with. Works fine in IE, just not chrome.
This is for an intranet, and some of the image content is stored off of the web server. Although IE displays fine, it seems that Chrome does not like to display images with the src attribute is of a format like
file://server_name/share_name/folder_1/file_1.png
Strange, even though Chrome will pass the users identity, so its not a security issue. Also, if I take the path and directly paste it in the url window of Chrome, it displays fine. Just not when a img src value.
If this was just a page on its own, I could use a custom handler and write to the response stream, but this needs to work with a content editor.
Id like to include Chrome since many of our users have it and use it daily, but our default is IE.
Are there any file url schemes, or Chrome settings that will override these issues?
The issue may not be the image or URL format. I'd wager that it's browser security restrictions.
To ensure that maliciously designed web pages can't access a user's local files, accessing any data from the user's filesystem (especially network drives) is generally disallowed in most modern browsers. (At least in their default configuration. There may be policies or runtime parameters to override these for testing purposes such as Chrome's --disable-web-security parameter, but these are purposefully difficult to turn off.)
If you want the content to display across all browsers, you'll likely need to deliver it via HTTP(s) like the rest of the page content.
In previous version of chrome, on a webpage with the following:
<script>
document.write('<plaintext>');
</script>
<img src="http://example.com/image.jpg">
the image would not be downloaded. At some point a chrome update changed this behavior. Now when I look at the network tab, I see the image is downloaded. (fiddle here: https://jsfiddle.net/doojunqx/)
I have a script that is on a page, I would like to use this script to stop the browser from downloading (using up network bandwidth) for images and other assets that are unwanted and below my script tag.
Mobify does something similar here:
http://cdn.mobify.com/mobifyjs/examples/capturing-grumpycat/index.html
As they say on the page "Open your web inspector and note the original imgs did not load." However, when I open chrome developer tools and look at the network tab, I see the original images ARE now loading. I'm not sure what version of chrome changed this, but I think it is recent, within the last month or two.
Is there any way to force chrome back to the old behavior? Or any other way to stop these unwanted assets from loading?
Thanks,
Great question, and you're correct that it is a recent change in Chromium that affected the plaintext tag behaviour. In versions up to and including version 42.*, the HTML document parser would not spawn an asynchronous parsing thread until an external resource was found in the original HTML document. Once such a resource was found, an asynchronous thread would be spawned that would aggressively download all resources references within the HTML.
The recent change simplified the parsing behaviour by moving all document parsing to the asynchronous thread which now kicks off automatically. Whereas before, using the plaintext tag would ensure that no resources would be loaded if it was inserted before the first external resource, the plaintext tag is now racy as resources will download up to the moment the plaintext tag is executed in the main HTML document. As there is a time delay for the script to execute, an unknown number of resources will be retrieved.
There is as of yet no solution to this new behaviour, nor is there a way to disable the preload scanner as you would like. You will need to rely on workarounds such as polyfills to control your resource downloads. This new behaviour is only present in all versions of Chrome >= 43.* and has not been implemented in Safari, Firefox, or other browsers.
I have page where RSS icon is present. I want that when user clicks on RSS icon it will check in chrome browser that, whether that RSS reader chrome extension is installed or not
I am trying to achieve this by using chrome extension methods, mentioned here.
I tried something like this but it is not working:
var port = chrome.extension.connect("nlbjncdgjeocebhnmkbbbdekmmmcbfjd");
To use this API you need to be either an extension or a web application having the necessary permissions - normal web pages cannot access it. However, detecting whether an extension is installed in Chrome is still easy:
<script src="chrome-extension://nlbjncdgjeocebhnmkbbbdekmmmcbfjd/manifest.json"
onload="alert('installed')" onerror="alert('not installed')"></script>
This uses the fact that the extension's manifest.json file is located under a predictable URL and that web pages are allowed to load this URL. Of course, this isn't an officially documented approach but rather a loophole and a privacy issue. So be prepared for it to stop working in some future Chrome version. At the moment it works however.
I read in a source that chrome, when it goes to a domain, it prefetches most of the pages that might be used for that domain. As a result of this, I'm facing a problem. I have a greasemonkey script which is to be injected in every page. But what seems to happen is that the browser injects the script for the first page in a domain and that remains when i go to another page, instead of being re-injected (which is what i would want). Any ideas on how i could achieve this behavior ??
Google Chrome will precache DNS entries on the page but it doesn't pro-actively go and fetch pages, Firefox however, does prefetch pages.
Actually, there is a case where Chrome will proactively pre-cache any page that is mentioned in the cache manifest. This is designed for offline scenarios. However, each page when downloaded will not be executed against any injected script, nor will it run any JS on those pages.