Interacting with
Web Content

Mozilla Add-on SDK Workshop

Follow along

http://talks.canuckistani.ca/webcontent-uk-2011/#2

Content scripts

• inject any JavaScript logic into a page:
  • inline JS code
  • your own scripts and libraries
  • 3rd party JS libraries such as jQuery
• modify the page's DOM
• communicate from the content script back to your add-on code

Hello, world

var pageMod = require("page-mod").PageMod({
  include: ['*'],
  contentScript: 'alert("Heellooooooo, Looondoooon!!!!")',
  contentScriptWhen: 'end',
});

• include: ['*'] which site(s) do we mod?
• contentScript JS code to run.
• contentScriptWhen: 'ready' when to run the code.

Content script security model

• window object is actually a proxy to the page's window.
• JS running in the page cannot change anything the content script has access to.

window.alert = function(arg) { /* evil code here */ }

window.alert("Heellooooooo, Looondoooon!!!!");

workaround: unsafeWindow

unsafeWindow: direct access to the document from content script. This is a security hole, here be dragons, this will steal your lunch, etc.

Using previous example, if you change the content script to:

Content script:

unsafeWindow.alert("Heellooooooo, Looondoooon!!!!");

Result: Hodor!!!

Exercise 1:

Expand the 'hello world' example to do something funny / evil / useful to every page.

Builder link, or

webcontent/1-hello in the github repo

page-mod

• ['*']: target any document loaded
• target very specific urls:
  ['http://canuckistani.ca/some_page.html']
• execute on start, ready or end ( default )
• react to the 'content script attached' event using onAttach
• emit events into your content scripts via a worker
• drawback: loaded into any matching document, including iframes!

'Batteries included' example

var pageMod = require("page-mod").PageMod({
    include: ['*.canuckistani.ca'],
    contentScriptWhen: 'end',
    contentScriptFile: [data.url('lib.js')],
    onAttach: function(worker) {
      workers.push(worker);
      worker.on('detach', function () {
        detachWorker(this, workers);
      });
      worker.postMessage('42'); 
    }
  });

Exercise 2:

• use this example to start
  ( or webcontent/2-pagemod in the git repo )
• target a specific site and up / degrade it's usability
• note: blanking out the page is too easy...
• be creative!

tabs

• tabs:
  • utilities for opening & closing tabs
  • tabs meta-data: title, url, etc.
  • react to tab-related events: open, close, ready, activate, deactivate
  • content scripts are loaded into the tab's top-level content.

Tabs / onAttach example

var data = require("self").data;
var tabs = require("tabs");
 
tabs.on('ready', function(tab) {
  tab.attach({
  contentScript: 'if (confirm("EXTERMINATE???")) ' + 
    '{ document.body.innerHTML = ' +
    '\'<img src="http://dailypop.files.wordpress.com/2010/04/dalek.gif">\';' + 
    'document.body.style.display="block"; ' + 
    '};',
  });
});

Exercise 3.a

• Use the tab onAttach example here
• Implement some behaviour based on a different tab event.

Exercise 3.b

• Use the same example
• adjust the behaviour so that the confirm dialog only pops up on mozilla.org.

Content script communications

• add-on code <==> content script
• content script ==> page
• content script <== page

Example: posting a message to a content script.

Example

Add-on code:

onAttach: function(worker) {
  workers.push(worker);
  worker.on('detach', function () {
    detachWorker(this, workers);
  });
  worker.postMessage('42');
}

Content script:

self.on('message', function (payload) {
    window.alert('The answer to the ultimate question of life, the universe ' + "\n" +
      'and everything is '+parseInt(payload));
});

Example: posting a message from a content script to your add-on.

Example

Content script:

self.postMessage("This is from the content script!");

Add-on code:

worker.on("message", function(data) {
    console.log("Got message: " + data);
})

Example: posting a message from a content script to a page.

Example

Content script:

document.defaultView.postMessage(' +
        '"this is my message...", "*");

Page code:

window.addEventListener('message', function(e) {
    console.log("Got message: " + e.data);
});

Example: posting a message from a page to your content script.

Example

Page script:

$(document).ready(function() {
    $("#clicker").click(function() {
        window.postMessage("sending message from page!", "*");
        return false;
    });
});

Add-on code:

tab.attach({
  contentScript: 'window.addEventListener("message",
    function(ev) {
      alert("In content script, got "+ ev.data);',
});

Exercise 4

Using this example as a starting point, implement a button in a page that sends an message through to your add-on code in main.js.

Questions?

We are all Rocketeers!

Get involved, kick the tires, let us know.

• IRC: #jetpack
• Google Group
• AMO Forum
• Weekly project meetings
• Stack Overflow