1

As the title states, is it possible to access the methods defined in a google extension from another google extension? The method I am trying to access can be called from the Google Console, however, when I try to access the method from my background page with the following code

chrome.tabs.executeScript(ns.tracsCopyFromTabId, {
            code: "alert(methodName)"  
        }

it gives me the following error:

Unchecked runtime.lastError while running tabs.executeScript: Cannot access a chrome-extension:// URL of different extension

I believe the method I'm trying to access is defined in their content-script? Has anyone ever tried and successfully do this?

paradozx
  • 108
  • 1
  • 10
  • 1
    Did you need to change the console's context (above) to the extension's name to call the code? – Xan Dec 20 '18 at 17:40
  • Hi Xan, no I didn't need to change the context. I typed only the method name in the console and it worked. – paradozx Dec 20 '18 at 17:42
  • 1
    Also, this error looks fishy. Unless there's `allFrames: true` involved, you may be injecting in the wrong tab? As in, not in a regular webpage (where _content scripts_ would be)? – Xan Dec 20 '18 at 17:42
  • But even if I were in the right tab, wouldn't their content script be inaccessible unless I have the proper permissions and then their script injected? – paradozx Dec 20 '18 at 17:46
  • 1
    I'm still not certain you're calling the code a _content script_ correctly. Because then you'd only be able to call it by changing the context from `top` to the extension name. But assuming you are, a content script won't be accessible, period, as it's an isolated JS context. – Xan Dec 20 '18 at 17:48
  • 1
    You'd need to whip out `debugger` + possibly customize Chrome flags to access that. – Xan Dec 20 '18 at 17:49
  • Yeah, I'm not sure 100% it's a content script either. If it's not from a content script then what else could it be? – paradozx Dec 20 '18 at 17:54

1 Answers1

1

The error

The error + your comment about not needing to change the context signifies that you're probably not actually injecting in a regular webpage that runs content scripts, but into an extension page (with visible URL chrome-extension://...).

Anything in such a page is not a content script by definition. Even if that code is also shared with a content script used somewhere else.

Note that if you're using (but not showing) allFrames: true for injection, you may be accidentally injecting in an extension-page frame, leading to that error.

Non-content script code

The problem is that you can't declare host permissions for chrome-extension:// pages. Therefore you can't inject content scripts into those pages.

It's not possible to define permissions to do that from an extension alone (to make an extension you can distribute that "just works"), but you can do it locally with Chrome flags + chrome.debugger API.

You will need chrome://flags/#silent-debugger-extension-api enabled and will need to use the Debugger Protocol to execute your code.

Sadly, the chrome://flags/#extensions-on-chrome-urls flag does not allow injection into this protocol either, so you have to use Debugger.

Content script code

If you're actually trying to reach code in a content script in a regular webpage, you can't call it from your own content script because every extension gets its own isolated JS context.

You'd need chrome.debugger again.

Code injected in the page context

Sometimes you're dealing with code that's injected in the webpage itself from a content script.

Then you should be able to access it with the method you describe by making the same content script -> page code leap. See the link above.

That doesn't explain the error you're getting though.

Xan
  • 74,770
  • 16
  • 179
  • 206
  • okay it's giving me the same error "Unchecked runtime.lastError while running debugger.attach: Cannot access a chrome-extension:// URL of different extension". I used the code below in my background page – paradozx Dec 20 '18 at 18:28
  • chrome.debugger.sendCommand({tabId:ns.tracsCopyFromTabId}, "Runtime.evaluate", {expression:"methodName"}, function(response){ console.log(response); }); – paradozx Dec 20 '18 at 18:28
  • Did you toggle the flag AND restarted the browser? – Xan Dec 20 '18 at 18:41
  • 1
    You'd also need the `""` permission, I think. – Xan Dec 20 '18 at 18:43
  • i added "" and same error. I also toggled the flag and restarted :/ – paradozx Dec 20 '18 at 18:46
  • 1
    Then someone needs to dig further. It used to work at some point, but it's conceivable that they have closed this possibility out of security concerns, like they did with webRequest interception. – Xan Dec 20 '18 at 21:15
  • Thanks for your help. I will let you know if I find the solution. – paradozx Dec 21 '18 at 15:07