Chrome extension injecting JS into a sandboxed iframe

Time: 2015-02-14 18:04:14

Tags: javascript iframe google-chrome-extension webrtc sandbox

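I am developing a Chrome extension to block WebRTC in response to this exploit: https://github.com/diafygi/webrtc-ips

Everything went well with the current code until a few days ago, when the exploit was updated to include this: iframe.sandbox = 'allow-same-origin';
Because the sandbox attribute was added, I get the error: Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

What can I do?

The relevant code from manifest.json: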

    "content_scripts": [
        {
            "matches": ["<all_urls>"],
            "run_at": "document_start",
            "all_frames": true,
            "match_about_blank": true,
            "js": ["webrtc.js"]
        }
    ],
    "permissions": ["tabs", "<all_urls>", "webRequest", "webRequestBlocking"],

My webrtc.js:

    // Snippet to run in the page's own JavaScript context: remove the WebRTC constructors.
    var inject = '(' + function() {
        if (typeof window.RTCPeerConnection !== "undefined") {
            window.RTCPeerConnection = undefined;
        }
        if (typeof window.webkitRTCPeerConnection !== "undefined") {
            window.webkitRTCPeerConnection = undefined;
        }
    } + ')();';

    var isInIFrame = window.frameElement && window.frameElement.nodeName == "IFRAME";
    if (isInIFrame == true) {
        // Inside an iframe: inject the snippet as an inline <script>, then remove the element.
        var script = document.createElement('script');
        script.textContent = inject;
        (document.head || document.documentElement).appendChild(script);
        script.parentNode.removeChild(script);
    } else {
        // Top-level document: same injection.
        var script = document.createElement('script');
        script.textContent = inject;
        (document.head || document.documentElement).appendChild(script);
        script.parentNode.removeChild(script);
    }

LE: I forgot to add that the extension does not block WebRTC in the latest stable version 40.0.2214.111, but it seems to do so in Canary 42.0.2304.0.
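
The failure described in the question depends on which sandbox tokens a frame carries. As an added example (not part of the original post), the sketch below classifies frames by their sandbox attribute and lists those where an injected inline `<script>` is blocked while the embedding page can still reach the frame's window. The names `frameExposure`, `uncoveredFrames` and the sample frames are constructed, and every frame is assumed to be an about:blank child of the page.

```javascript
// Added example; function names and sample data are hypothetical.
// Classify a frame by its sandbox attribute value (null = attribute absent).
function frameExposure(sandboxAttr) {
  if (sandboxAttr === null || sandboxAttr === undefined) {
    // Not sandboxed: inline scripts run, and the parent shares the origin.
    return { scriptsRun: true, parentCanReach: true };
  }
  // The attribute is a set of whitespace-separated, case-insensitive tokens.
  const tokens = new Set(
    String(sandboxAttr).toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean)
  );
  return {
    // Without allow-scripts an injected inline <script> is refused, which
    // produces the "Blocked script execution" error quoted in the question.
    scriptsRun: tokens.has('allow-scripts'),
    // Without allow-same-origin the frame gets an opaque origin, so the
    // parent cannot read properties (such as constructors) off contentWindow.
    parentCanReach: tokens.has('allow-same-origin'),
  };
}

// Frames that a <script>-injection blocker cannot patch although the parent
// page can still read the frame's untouched globals.
function uncoveredFrames(frames) {
  return frames
    .filter((f) => {
      const e = frameExposure(f.sandbox);
      return !e.scriptsRun && e.parentCanReach;
    })
    .map((f) => f.id);
}

// Constructed sample input.
const sampleFrames = [
  { id: 'f1', sandbox: null },                              // plain iframe
  { id: 'f2', sandbox: 'allow-same-origin' },               // case from the question
  { id: 'f3', sandbox: '' },                                // fully sandboxed
  { id: 'f4', sandbox: 'ALLOW-SAME-ORIGIN allow-scripts' }, // scripts allowed
];

console.log(uncoveredFrames(sampleFrames));
```

Only the `allow-same-origin` frame without `allow-scripts` is reported, which is the combination the question runs into.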

0 answers:

No answers