问题描述
有没有办法加载一个页面,对用户隐藏?
Is there a way to load a page, hidden from the user?
我不能在后台页面中使用 iframe,因为该页面有 frame-busting 技术.
I can't use an iframe in a background page, because the page has frame-busting techniques.
我不能使用 XHR,因为页面有 AJAX - 我需要它的(动态生成的)DOM.
I can't use an XHR, because the page has AJAX - I need its (dynamically generated) DOM.
推荐答案
恐怕您除了插入 iframe 之外别无选择.要破坏 iframe 破坏者,您可以采用以下技术:
I'm afraid that you don't have any other option than inserting the iframe anyway. To bust the iframe buster, you can employ the following techniques:
- 如果 iframe 被
X-Frames-Option: DENY阻止,只需使用webRequestAPI 删除标头 - 请参阅 在 Chrome 扩展程序中绕过 X-Frame-Options DENY?. 如果 frame buster 使用类似的东西
- If the iframe is blocked by the
X-Frames-Option: DENY, just remove the header using thewebRequestAPI - see Getting around X-Frame-Options DENY in a Chrome extension?. If the frame buster uses something like
if (top !== self) {
top.location.href = location.href;
}
然后通过设置 sandbox 属性在 iframe 上:
Then block the scripted navigation by set the sandbox attribute on the iframe:
var frame = document.createElement('iframe');
frame.sandbox = 'allow-scripts';
frame.src = 'data:text/html,<script>' +
'if (top !== self) { top.location.href = location.href;}' +
'alert(" (runs the rest of the code) ");' +
'</script>';
document.body.appendChild(frame);
导航将被阻止而不会抛出任何错误.但是,以下消息会记录到控制台:
Navigation will be blocked without throwing any errors. The following message is logged to the console though:
不安全的 JavaScript 尝试从 URL 为 '(....URL of frame..)' 的框架中为 URL 为 '(...首页的 URL...)' 的框架启动导航.尝试导航顶级窗口的框架已被沙盒化,但未设置allow-top-navigation"标志.
这些方法将始终有效,除非:
These methods will always work, unless:
- 页面包含
. - frame busting 脚本实现为
if (top === self) {/* run code*/}
在这些情况下,您别无选择,只能打开一个新标签页,阅读其内容,然后将其关闭.请参阅 chrome.tabs.create 和chrome.tabs.remove.
In these cases, you have no other option than opening a new tab, read its content, then close it. See chrome.tabs.create and chrome.tabs.remove.
这篇关于Chrome 扩展:加载隐藏页面(没有 iframe)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!