
According to this post, I should be able to get a userscript to work in an iframe simply by specifying a match URL. However, it does not work for me in the case of the iframe for the Facebook like button embedded on, say, codeforces.com.

As an MCVE, here's a small script:

    // ==UserScript==
    // @name         Bug test
    // @version      0.1
    // @author       Gaurang Tandon
    // @match        https://codeforces.com/*
    // @match        https://www.facebook.com/v2.8/plugins/like.php
    // @match        https://www.facebook.com/v2.8/plugins/like.php/
    // @match        https://www.facebook.com/v2.8/plugins/like.php/*

    // ==/UserScript==

    (function() {
        'use strict';

        console.log(window.location.hostname);
    }();

Loading this on codeforces.com gives only one log statement in DevTools Console and that is codeforces.com. Removing one or two of those @match directives changes nothing.

Why does the script not run in that iframe?

Brock Adams
Gaurang Tandon

1 Answer


First, that MCVE has a couple of problems:

  1. The @match needs to be:

    // @match  https://www.facebook.com/v2.8/plugins/like.php*
    

    because the typical URL is like: www.facebook.com/v2.8/plugins/like.php?app_id...

  2. There is a syntax error on the last line. It was `}();`. It needs to be `})();`.
    You would have seen that if you looked in the console or used Developer -> Run syntax check from the Tampermonkey editor menu.

Next, Tampermonkey tries to protect you from such foolishness by default blacklisting certain sites.
In the case of Facebook:

  1. Facebook spams their widgets, scripts, images, iframes everywhere. If a script ran on each instance it could degrade the performance of many a site. (Personally, use tools like uMatrix and uBlock to completely shut down Facebook and similar sites.)
  2. Facebook widgets are a prime target for malicious scripters. So, since there is seldom a legit reason to script those, Tampermonkey tries to block those by default.


You can see what Tampermonkey tries to block by:

  1. Go to Tampermonkey settings.

  2. Set Config mode to either "Beginner" or "Advanced":

  3. Scroll down to "Security".

  4. In the Blacklisted Pages box, you may see lines like:

    *://www.facebook.com/plugins/*
    *://www.facebook.com/*/plugins/*
    
  5. Remove the line that stops the execution you want, and press the Save button for that text box.

Brock Adams
  • Hi, sorry for the syntax error. It occurred just as I was shortening my existing code and somehow backspace-d on one of my parentheses :| Thanks for the answer though! I didn't know the query parameters also needed a `*` in the URL for them. – Gaurang Tandon Dec 04 '18 at 01:44
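
The two effects described in the answer (a `@match` line that stops at `like.php` never matches a URL carrying a query string, and a blacklist line can still block a URL that does match) can be checked with the sketch below. It is an added example, not code from the answer or from Tampermonkey: it models each line as a whole-URL glob where `*` matches any run of characters, and the sample URL's query string is constructed.

```javascript
// Simplified model: '*' matches any run of characters, the rest is literal.
// This approximates the matching for illustration; it is not Tampermonkey's code.
function globToRegExp(pattern) {
  const body = pattern
    .split('*')
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, '\\$&'))
    .join('.*');
  return new RegExp('^' + body + '$');
}

// The fragment is dropped; the query string stays part of what is matched.
function globMatches(pattern, url) {
  return globToRegExp(pattern).test(url.split('#')[0]);
}

// Reports which @match lines hit the URL and which blacklist lines block it.
function explain(url, matchLines, blacklistLines) {
  const matchedBy = matchLines.filter((p) => globMatches(p, url));
  const blockedBy = blacklistLines.filter((p) => globMatches(p, url));
  const runs = matchedBy.length > 0 && blockedBy.length === 0;
  return { matchedBy, blockedBy, runs };
}

// Constructed sample URL in the shape the answer describes (like.php?app_id...).
const LIKE_URL =
  'https://www.facebook.com/v2.8/plugins/like.php?app_id=0&href=https%3A%2F%2Fcodeforces.com%2F';

// The @match lines from the question, then the corrected line from the answer.
const QUESTION_MATCHES = [
  'https://codeforces.com/*',
  'https://www.facebook.com/v2.8/plugins/like.php',
  'https://www.facebook.com/v2.8/plugins/like.php/',
  'https://www.facebook.com/v2.8/plugins/like.php/*',
];
const FIXED_MATCH = 'https://www.facebook.com/v2.8/plugins/like.php*';

// The blacklist lines quoted in the answer.
const BLACKLIST = [
  '*://www.facebook.com/plugins/*',
  '*://www.facebook.com/*/plugins/*',
];

console.log(explain(LIKE_URL, QUESTION_MATCHES, BLACKLIST)); // no @match hits
console.log(explain(LIKE_URL, [FIXED_MATCH], BLACKLIST)); // matched, but blocked
console.log(explain(LIKE_URL, [FIXED_MATCH], BLACKLIST.slice(0, 1))); // runs
```

The `blockedBy` field names the blacklist line that would have to be removed in step 5; here only the `*/plugins/*` line with the version segment applies to the `v2.8` URL.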