undefined | Better HN

0 pointsasjfkdlf9y ago0 comments

No, that is not possible. Extensions in Chrome run in a different execution context than the website. The website's document.creatElement is different from the extension's.

If the website could override extension functions, attacks would already be possible by overriding Regex functions.

0 comments

dkopi9y ago

Good point, but that's assuming you're running in the context of the popup and not in the context of a content script. In the popup's script, you are using a new DOM. But in a content script - you're using the same DOM as the client, which can override createElement (and any other function as well).

mook9y ago

While content scripts (in the extension world, meaning scripts running in the context of a content page) shares the DOM with the untrusted page, it does not share the JavaScript wrapper layer around that DOM. This is extra confusing because the global object is a (JavaScript wrapper around a) DOM object.

The untrusted script can override its own view of createElement, but not the extension's view.

dkopi9y ago

Very interesting if true. I'm tempted to build an extension just to check that.

I wonder if a DOM mutation event would be triggered if a content script adds a new link element and changes it's href.

Would I be able to catch that and quickly change the href, before the content script continues to fecth the processed properties?

3 more replies

volker489y ago

Even if it is a content script its still not possible. https://developer.chrome.com/extensions/content_scripts#exec...

ghurtado9y ago

My understanding is that the content script can access the webpage DOM, but not the other way around (it's a "one way street", if you will)

j / k navigate · click thread line to collapse

0 comments

dkopi9y ago

mook9y ago

The untrusted script can override its own view of createElement, but not the extension's view.

dkopi9y ago

Very interesting if true. I'm tempted to build an extension just to check that.

I wonder if a DOM mutation event would be triggered if a content script adds a new link element and changes it's href.

Would I be able to catch that and quickly change the href, before the content script continues to fecth the processed properties?

3 more replies

volker489y ago

Even if it is a content script its still not possible. https://developer.chrome.com/extensions/content_scripts#exec...

ghurtado9y ago

My understanding is that the content script can access the webpage DOM, but not the other way around (it's a "one way street", if you will)

j / k navigate · click thread line to collapse