0

I'm writing a chrome extension to manipulate DOM elements in a website.

I have a content script that seems to be blocked somehow from executing in the webpage's iFrames even though it is injected.

content.js:

console.log("this script is executed");
chrome.runtime.sendMessage("Hello background.js, I am a frame");

Both in the webpage's console and the background.js' console only the first frame is logged. At first I thought the iFrames were dynamically loaded and therefore the content scripts could not be injected. Then I looked at the JS contexts in the console and it seems like the opposite is true:
They are injected but not executed.

I also tried accessing the frames via the top frame by: 

let iFrames = document.getElementsByClassName('js-iframe');
    for (iFrame of iFrames) {
        console.log(iFrame.contentDocument);
        console.log(iFrame.contentWindow);
    }

//null
//Uncaught (in promise) DOMException: Blocked a frame with origin "https://www.webpage.com" from accessing a cross-origin frame.

What am I missing out?

PS: Of course a solution by executing in the frames themselves would be more preferable but a workaround like the one I tried would be extremely helpful as well.

crimbler2
  • 23
  • 7
  • `{ "matches": ["https://www.webpage.com/*/*"], "js": ["content.js"], "all_frames": true, "match_about_blank": true, "run_at": "document_start" }` – crimbler2 May 31 '20 at 08:07
  • The declaration is fine so the only explanation is [grouping of identical messages](https://stackoverflow.com/questions/5584835/why-does-google-chrome-group-identical-console-log-messages) in console. – wOxxOm May 31 '20 at 08:11
  • Thanks for your fast response, but this is not the problem. I'm also sending requests to the background.js where sender and msg are logged which differ for each request. And there also only the top frame is logged – crimbler2 May 31 '20 at 08:18
  • `chrome.runtime.onMessage.addListener((msg, sender) => { if (msg === "Hello background.js, I am a frame") { console.log("sender:"); console.log(sender); console.log("msg"); console.log(msg); console.log("-----------------"); } });` Is it possible that the frames are loaded dynamically? Would there even be a jsContext for them in the chrome console? – crimbler2 May 31 '20 at 08:42
  • The background script code looks fine. For content script declared in manifest.json it doesn't matter if the iframes are created dynamically or not. 1) Disable console grouping and/or enable timestamps in devtools. 2) Click the reload icon on the extension card in chrome://extensions page, 3) Reload all tabs. – wOxxOm May 31 '20 at 08:47
  • Ok I did all of that. Sadly the problem didn't go away. But I noticed that even if I had "all_frames: false" the jsContexts in the chrome console didn't look any [different](https://i.stack.imgur.com/cWpHG.png). – crimbler2 May 31 '20 at 08:59
  • It means you didn't reload the extension or there's a bug in Chrome. – wOxxOm May 31 '20 at 09:00
  • Anyway, currently the question is unanswerable due to a lack of [MCVE](/help/mcve) that we can try. – wOxxOm May 31 '20 at 09:08
  • Ok, thanks anyway for your help :) – crimbler2 May 31 '20 at 09:16
  • I don't see how I helped though. – wOxxOm May 31 '20 at 09:21
  • Assuming you did reload the extension, maybe you're editing the code in the wrong folder, not the one from which the extension is loaded in the browser. You can verify the contents of the manifest by opening chrome-extension://your-extension-id/manifest.json in the address bar. – wOxxOm May 31 '20 at 09:33
  • If you want to try it: the page is "sneakersnstuff.com". Navigate to a product page. Either the iFrames are dynamically loaded or the scripts are blocked. – crimbler2 Jun 12 '20 at 17:04
  • Works for me, just as it should. Like I said, the thing you're describing is impossible unless there's a bug in the browser or in your code. – wOxxOm Jun 12 '20 at 17:08
  • I think I found my mistake. Until now I thought that "all_frames=true" for a match means: if a page with this url is called the js files are executed in all the frames in this page/tab. What it **does** mean: It matches this url even if it was an iFrame in another webpage, doesn't it? – crimbler2 Jun 15 '20 at 14:37
  • Yep you got it right now and indeed the names in the API aren't the best. – wOxxOm Jun 15 '20 at 14:44

1 Answers1

-1

update the Permission in manifest.json "permissions": [ "...", "content.js"//something that you want to allow ]

Seeker
  • 14
  • 1