CODEWITHSUNDEEP
safarisafari-extension
David Tuite
David Tuite

Reputation: 22643

Multiple whitelists/blacklists for content script injection?

I'm building a Safari extension with two different content scripts. One script needs to be injected into all http pages (but not https pages). The other one only gets injected into google.com pages regardless of scheme.

In order to achieve this, I have set Extension Website Access to:

Extension Website Access

This should mean that at a high level, content scripts in my extension should be able to access all pages.

To get more fine-grained control, I then programatically inject the content scripts into URLs which match my patterns.

App = {
  content: {
    // Inject into unsecure pages.
    whitelist: ['http://*/*'],
    // But not into secure pages.
    blackList: ['https://*/*'],
    loc: safari.extension.baseURI + 'data/content.js'
  },
  results: {
    // Inject this script into all google.com pages
    whiteList: ['http://*.google.com/*', 'https://*.google.com/*'],
    // Surely I don't need a blacklist if I specify a whitelist?
    blacklist: undefined,
    loc: safari.extension.baseURI + 'data/results.js',
  }
};

// Inject the first content script.
safari.extension.addContentScriptFromURL(App.content.loc, 
  App.content.whitelist, App.content.blacklist, false);

// Inject the second content script.
safari.extension.addContentStyleSheetFromURL(App.results.cssLoc, 
  App.results.whitelist, App.results.blacklist, false);

The problem is that both scripts are being injected into all pages. It's as if my white and blacklists do nothing. What am I doing wrong?

Upvotes: 2

Views: 1478

Answers (1)

David Tuite
David Tuite

Reputation: 22643

I was using capitals in my whilelist/blacklist definitions at the top:

App = {
  content: {
    blackList: ['https://*/*'],
  },
  results: {
    whiteList: ['http://*.google.com/*', 'https://*.google.com/*']
  }
};

But then using non-capitalized versions of the variables when I pass the lists into the script injection function.

safari.extension.addContentScriptFromURL(App.content.loc, App.content.whitelist, App.content.blacklist, false);

This obviously means that undefined was being passed into the injection function rather than an actual whitelist/blacklist.

Upvotes: 2

Related Questions