0

I'm building a chrome extension. It injects a script tag with the src attribute set to my service. The script attempts to make a GET request with JQuery client to my service which I'll refer to as ~URL_FOR_MY_SERVICE~. An error occurs before the request is made to the server (i.e. not shown in chrome dev tools network panel). The error handler shows an error object with the attribute statusText with the value Error: SecurityError: Not valid character in URL: ~URL_FOR_MY_SERVICE~. However, if I copy ~URL_FOR_MY_SERVICE~ and paste it directly into the browser, it works, so the characters in the URL are in fact valid. This problem seems to only occur on https://www.linkedin.com/.

What's happening and how do I fix it?

JustCodin
  • 69
  • 6
  • It's just a check performed by the site's code, which you can either ignore or change the URL to something else by using a URL redirection service. Also make sure your URL doesn't contain spaces or non-encoded special characters. – wOxxOm Feb 06 '21 at 06:12
  • @wOxxOm I don't follow. I use the extension to inject a script from my domain on to the page, which tries to make a request to my service, but fails with that error. How would the site affect this part of the code unless they overrode the underlying GET request? I don't think a redirection would work since the request is never initiated. The URL doesn't have any special characters and works when entered into the browser's address bar. – JustCodin Feb 07 '21 at 16:57
  • Thing is, the question lacks [MCVE](/help/mcve) so all we can do is guess blindly. Since you add a DOM element, the page can modify/break it and the only way to prevent that is to add the element before any page script runs, but even in that case the page can rewrite the element afterwards. The only reliable method is to run this code as a content script either by including it with the extension or downloading it dynamically and then using chrome.tabs.executeScript in the background script. – wOxxOm Feb 07 '21 at 17:04
  • @wOxxOm I found the issue and the fix, but I still don't understand **why** it's only an issue on one single site. I issue a `GET` request to URL `https://localhost:3000/api/Comments/count?where={"entityId":3260}`. The fix is to encode the quotation characters `"` as `%22`. I'm just going to `encodeURI` the whole URL. Any idea why this happens on a single site? The original URL works on every other site, and also when I paste it directly into the address bar. – JustCodin Feb 07 '21 at 22:59
  • So I was right: doublequotes are invalid in a URL, see [Which characters make a URL invalid?](https://stackoverflow.com/a/1547940). – wOxxOm Feb 08 '21 at 06:09
  • @wOxxOm Cheers. Do you know why it works on every other page except one? – JustCodin Feb 09 '21 at 18:50
  • I would know if I debugged the page myself. Meanwhile I can only guess, which I did above. – wOxxOm Feb 09 '21 at 18:52

0 Answers0