0

In a chrome extension, you can set permissions in manifest.json. I assume crossrider generates this file behind the scenes. How can change the permissions generated by a crossrider extension or is it not possible yet?

My extension in particular needs access to image and video data on all pages. This gets denied with a CORS error and I believe setting the proper permissions would solve my problem.

[EDIT]

Here's the core of my code:

try {
    //all nodes in the DOM go through this function
    var parseNode = function(node) {

        //only get img and video tags
        var nodeName = node.nodeName.toUpperCase();
        if (["IMG", "VIDEO"].indexOf(nodeName) == -1)
            return;

        //attempt to extract their pixel data
        var canvas = document.createElement("canvas");
        var context = canvas.getContext("2d");
        try {
            console.log(node.src, " ", node.clientWidth, "x", node.clientHeight);
            canvas.width = node.clientWidth; //may be zero if failed CORS
            canvas.height = node.clientHeight;
            context.drawImage(node, 0, 0);
            var dat = context.getImageData(0, 0, canvas.width, canvas.height);
            console.log("Success");
            canvas.remove();
            return dat.pixels;
        }
        catch (e) {
            console.log("Failed ", node, ": ", e);
            canvas.remove();
        }
        return null;
    };

    //parse everything currently loaded
    var everything = document.getElementsByTagName("*");
    for (var i = 0; i < everything.length; i++) {
        parseNode(everything[i]);
    }

    //use a mutation ovserver to parse everything that gets injected later
    var parseMutations = function(mutations) {
        mutations.forEach(function(mutation) {
            if (mutation.addedNodes) {
                for (var i = 0; i < mutation.addedNodes.length; i++) {
                    parseNode(mutation.addedNodes[i]);
                }
            }
        });
    };

    var observer = new MutationObserver(parseMutations);
    observer.observe(document, {
        childList:     true,
        subtree:       true
    });
}
catch (e)
{
    //this has to be here since all browsers are so shit at catching syntax errors in extensions
    //not to mention the crossrider extension won't install properly if there's a typo or missing semicolon. so much pain
    console.log(e, " ", e.stack); //stack is pretty useless with crossrider code injection
}

On many pages I just get a tonne of these:

DOMException {
    code: 18
    message: "Failed to execute 'getImageData' on 'CanvasRenderingContext2D': the canvas has been tainted by cross-origin data."
    name: "SecurityError"
    ...

[EDIT]

I've removed the try/catch so the errors print properly. I'm still seeing lots of errors.

Uncaught SecurityError: Failed to execute 'getImageData' on 'CanvasRenderingContext2D': the canvas has been tainted by cross-origin data.

I'm using this page to test with: http://en.wikipedia.org/wiki/HSL_and_HSV

"Run in IFrame" is off.

try {
    //all image and video nodes in the DOM go through this function
    var parseNode = function(node) {
        //attempt to extract their pixel data
        var canvas = document.createElement("canvas");
        var context = canvas.getContext("2d");
        node.title = "FAILED";
        console.log(node.src, " ", node.clientWidth, "x", node.clientHeight);
        canvas.width = Math.max(1, node.clientWidth); //may be zero if failed CORS
        canvas.height = Math.max(1, node.clientHeight);
        context.drawImage(node, 0, 0);
        var dat = context.getImageData(0, 0, canvas.width, canvas.height);
        canvas.remove();
        return dat.pixels;
        node.title = "SUCCESS";
        return null;
    };

    //parse everything currently loaded
    var everything = document.getElementsByTagName("*");
    for (var i = 0; i < everything.length; i++) {
        var node = everything[i];
        var nodeName = node.nodeName.toUpperCase();
        if (["IMG", "VIDEO"].indexOf(nodeName) != -1)
            (function(n) {setTimeout(function(){parseNode(n);},1000);})(node);
    }

    //use a mutation ovserver to parse everything that gets injected later
    var parseMutations = function(mutations) {
        mutations.forEach(function(mutation) {
            if (mutation.addedNodes) {
                for (var i = 0; i < mutation.addedNodes.length; i++) {
                    var node = mutation.addedNodes[i];
                    var nodeName = node.nodeName.toUpperCase();
                    if (["IMG", "VIDEO"].indexOf(nodeName) != -1)
                        (function(n) {setTimeout(function(){parseNode(n);},1000);})(node);
                }
            }
        });
    };

    var observer = new MutationObserver(parseMutations);
    observer.observe(document, {
        childList:     true,
        subtree:       true
    });
}
catch (e)
{
    //this has to be here since all browsers are so shit at catching syntax errors in extensions
    console.log(e, " ", e.stack); //stack is pretty useless with crossrider code injection
}
Community
  • 1
  • 1
jozxyqk
  • 16,424
  • 12
  • 91
  • 180

1 Answers1

2

Currently, the Crossrider platform does not provide a mechanism for modifying manifest permissions though there are plans to consider this for future releases.

Hence, you may manually experiment with adding the permission in the CRX file, though bear in mind that it may hinder the ability to support your extension.

[Disclosure: I am a Crossrider employee]

Shlomo
  • 3,763
  • 11
  • 16
  • Thanks for a quick reply! I assume I'd have to figure out how to modify the extension for each browser, not just chrome. Is adding permissions my only option in this case? – jozxyqk Mar 06 '14 at 00:56
  • Yes, you'd have to figure out the browser specific requirements and how to add them. As to an alternative, it really depends on how you are processing the images/videos. – Shlomo Mar 06 '14 at 10:08
  • I'm currently using filters to change the images, so I don't have to replace of modify them. My main issue is reading their data for content recognition and histogram generation. – jozxyqk Mar 07 '14 at 02:12
  • To help I need a code snippet and steps for how to reproduce the problem you are experiencing. – Shlomo Mar 09 '14 at 04:50
  • I've added some code to reproduce the problem. That's all I have in my `extension.js`. – jozxyqk Mar 10 '14 at 04:42
  • I tested your code on several sites and it works (except when image size is 0x0 which you should check for in your code). Please provide the steps/site for reproducing the problem. – Shlomo Mar 11 '14 at 11:43
  • Google sites, such as youtube spit out tonnes of errors. If the image fails CORS, I assume the size is unreadable/denied and hence 0x0. – jozxyqk Mar 11 '14 at 12:31
  • I looked into YouTube and I can see the issue only occurs when you use the Run in Iframes feature, i.e. the instances when your code is running in an iframe and hence you are experiencing CORS issues. – Shlomo Mar 12 '14 at 15:01
  • Oh, OK. Thanks! I'll have another look at it. Maybe I'll have to handle iframe injection myself. – jozxyqk Mar 12 '14 at 16:19
  • Maybe there's an option in chrome that stops this working for me. I can't access any image on [wikipedia](http://en.wikipedia.org/wiki/HSL_and_HSV) for example. – jozxyqk Mar 13 '14 at 08:41
  • I tried the extension on the specified wikipedia page and it was able to access images on the page. – Shlomo Mar 13 '14 at 10:43