我正在制作chrome扩展,正在查看我的manifest.json文件,并意识到:
我有这样的网站的权限:
"permissions": [ "*://*.google.com/*", "*://*.twitter.com/*", ]如果我使用<all_urls>作为我的内容脚本 ,它是否仅限于Google和Twitter域名? 或者它是否也会将脚本注入其他网站,尽管没有获得许可?
I'm making a chrome extension, and was looking at my manifest.json file and realized something:
I have permissions for sites like this:
"permissions": [ "*://*.google.com/*", "*://*.twitter.com/*", ]If I use <all_urls> for my content script, will it be limited to only Google and Twitter domains? Or will it also inject the script into other websites despite not having permission?
最满意答案
如上所述,
如果应始终注入内容脚本的代码,请使用content_scripts字段在扩展清单中注册它。 如果您只想有时注入代码,请改用权限字段。
我相信all_urls会覆盖权限。 在我的一个使用all_urls扩展程序上测试后,它确实可以在非google / twitter域上运行。 然后,我在chrome://extensions点击了我的扩展程序上的权限链接,它告诉我扩展程序可以“读取并更改您访问的网站上的所有数据”
As stated here,
If your content script's code should always be injected, register it in the extension manifest using the content_scripts field. If you want to inject the code only sometimes, use the permissions field instead.
I believe all_urls will override the permissions. After testing this on one of my extensions which uses all_urls, it did in fact work on non-google/twitter domains. I then clicked on the permissions link on my extension in chrome://extensions and it told me that the extension can "read and change all your data on the websites you visit"
更多推荐
发布评论