How can I mimic Greasemonkey/Firefox's unsafeWindow functionality in Chrome?

会有一股神秘感。 Submitted on 2019-11-27 20:54:33
NVI

contentWindow was available in Chrome 3, but removed in Chrome 4. Only possible solution for Chrome 4:

location.href="javascript:(function(){ alert('Hello'); })()"

This will give you a reference to the window object (as p):

var p = unsafeWindow;

if(window.navigator.vendor.match(/Google/)) {
    var div = document.createElement("div");
    div.setAttribute("onclick", "return window;");
    p = div.onclick();
};
Brock Adams

Update:
The onclick exploit no longer works in the latest Chrome releases.

To get unsafeWindow functionality in Chrome, your best bet is to install and use Tampermonkey -- which you would be smart to do, regardless. Tampermonkey has full support for the Greasemonkey API and much easier script management.

Greasemonkey scripts and Tampermonkey scripts are almost always fully compatible, something that's not true for plain Chrome userscripts.

Forgoing Tampermonkey, the only alternative that still works is to use some form of script injection.



The following is now obsolete:

Chrome now defines unsafeWindow for userscripts / content-scripts, but Chrome's unsafeWindow still does not allow access to JS objects created by the target page.

Here's how to provide a properly unsafe, unsafeWindow -- in a cross-browser way that uses Feature Detection (good) versus Browser Sniffing (Bad):

/*--- Create a proper unsafeWindow object on browsers where it doesn't exist
    (Chrome, mainly).
    Chrome now defines unsafeWindow, but does not give it the same access to
    a page's javascript that a properly unsafe, unsafeWindow has.
    This code remedies that.
*/
var bGreasemonkeyServiceDefined     = false;

try {
    if (typeof Components.interfaces.gmIGreasemonkeyService === "object") {
        bGreasemonkeyServiceDefined = true;
    }
}
catch (err) {
    //Ignore.
}

if ( typeof unsafeWindow === "undefined"  ||  ! bGreasemonkeyServiceDefined) {
    unsafeWindow    = ( function () {
        var dummyElem   = document.createElement('p');
        dummyElem.setAttribute ('onclick', 'return window;');
        return dummyElem.onclick ();
    } ) ();
}

If you want to interact with page JavaScript, you will have to insert a script into a page. (Unless you want to use any of the hacks suggested on this page, of course.) I have cooked up a function to do just that for my own scripts; I will post it here in case anyone wants to use it.

/*
    @description    This function will insert the given code as a <script> or <style> block into a page.
    @param The code to insert; supported types are: JavaScript Function, String (JavaScript), String (CSS).
    @param2 Optional: The type of code that is inserted. If omitted, "js" is assumed. Possible values are 'js' or 'css'.
    @return The HTML element that was inserted, or FALSE on failure
*/
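function insert(z,t){
    var j,f,x,n,d=document
    //Bind the DOM methods: called through a bare alias they lose their `this` and throw
    var c=d.createElement.bind(d)
    var i=d.head.appendChild.bind(d.head)
    var a=d.createTextNode.bind(d)
    if(typeof z==='function') j=!0,f=!0;
    if((t=='js'||!t)&&!f){j=!0,f=!1}
    if(t=='css'&&!j){x=c('style');x.setAttribute('type','text/css')}
    if(j){x=c('script');x.setAttribute('type','text/javascript')}
    if(!x){return !1} //Unsupported type: nothing was created, so report failure
    //A function is inserted as source text wrapped in an immediately-invoked call
    if(f) n=a('('+z+')()');else n=a(z)
    x.appendChild(n)
    return i(x)
}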

A few examples to clarify:

//Inserting a JavaScript function
var func=function(){
    stopAds();
    startFileDownload();
}

insert(func);


//Inserting JavaScript as a string
var strJS="prompt(\"Copy:\",someVariableAtThePage);";

insert(strJS);
//Or with an OPTIONAL 2nd parameter:
insert(strJS,'js');


//Inserting CSS
var strCSS=".ad{display:none !important}    #downloadButton{display:block}";

insert(strCSS,'css');//Specifying 2nd parameter as "css" is required.
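
Because insert() hands a function to the page as source text ('('+z+')()'), the inserted function cannot see any variable from the userscript that created it. The following added example, which is not part of the original answers, passes such values as JSON-encoded arguments instead of concatenating them into the script string; buildPageScript and injectIntoPage are hypothetical names.

```javascript
// Added example, not from the original answers.
// buildPageScript and injectIntoPage are hypothetical helper names.

// Build the text of a <script> that calls `fn` in the page with `args`.
// The function travels as source text and loses its closure, so every value
// it needs is passed as an argument and embedded as a JSON literal rather
// than spliced into the script as raw text.
function buildPageScript(fn, ...args) {
    if (typeof fn !== 'function') {
        throw new TypeError('buildPageScript expects a function');
    }
    const source = Function.prototype.toString.call(fn);
    if (source.includes('[native code]')) {
        // Native and bound functions have no source that can be re-parsed.
        throw new TypeError('function has no serializable source');
    }
    // Throws on values JSON cannot encode (cycles, BigInt) instead of
    // silently emitting a broken script.
    const literal = JSON.stringify(args);
    return ';(' + source + ').apply(null, ' + literal + ');';
}

// Run `fn` in the page's own JavaScript context from a userscript or
// content script. Returns false when there is no DOM to inject into.
function injectIntoPage(fn, ...args) {
    if (typeof document === 'undefined') return false;
    const script = document.createElement('script');
    script.textContent = buildPageScript(fn, ...args);
    (document.head || document.documentElement).appendChild(script);
    script.remove(); // the code has already run; leave no stray node behind
    return true;
}

// Constructed usage: the label stays data even though it contains quotes.
// injectIntoPage(function (label) {
//     console.log(label, typeof window.jQuery);
// }, 'page says "hi"');
```

Code injected this way runs with the page's objects and prototypes, which the page can redefine, so values read back from it should be treated as untrusted input.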

OK, here's an idea: you can inject the script using the address bar...

javascript:var ElEm = document.createElement("script");ElEm.src='[path_to_script]';document.body.appendChild(ElEm);

Then you can run whatever you want in the window with your JavaScript.
