I use match to restrict my script to work only one domain but chrome runs it in every domain. I tried @include and @match and it says "Access your data on all websites" when I try to install it and it runs it in all websites.

How can I restrict userscript to one domain in chrome?

Metadata is same as this page: http://www.chromium/developers/design-documents/user-scripts

I mean it's:

// @match http://*.google.com/*
// @match http://www.google.com/*
asked May 6, 2013 at 16:37 by Someone; edited May 7, 2013 at 0:32 by Brock Adams
  • Are you trying to install a zip / crx file or a .user.js file? – Rob W Commented May 6, 2013 at 16:40
  • i said userscript so it's .user.js – Someone Commented May 6, 2013 at 16:41
  • Chrome converts user scripts to native Chrome extensions with a match pattern equivalent to <all_urls>, then restricts the pages via "include_globs". Don't worry about the warning, it behaves as you expect. If you want to get a less scary warning, you need to create a Chrome extension from your user script, and edit the "content_scripts" part of the manifest.json file. See this answer for the steps to generate a Chrome extension from a user script. – Rob W Commented May 6, 2013 at 16:45
  • The example you've linked contains http://*/*. Obviously that's going to run on all pages. I've also checked the autogenerated manifest.json, and it contains the expected values. Read stackoverflow.com/a/11773654/938089 to learn how to get and find the autogenerated manifest.json file. EDIT: After removing // @matches http://*/*, the code only runs on Google - as expected. – Rob W Commented May 6, 2013 at 17:01
  • Please post an answer with the solution (and remove some comments which are probably not useful to future readers). Others may benefit from your findings. – Rob W Commented May 6, 2013 at 17:46

1 Answer

Note: this answer developed between the OP and Rob W. Placing it here in the hopes that this question might be useful to others without having to sift through the comment chain, above.


There are two issues. First, a userscript header does not parse if a UTF8 BOM is present (Chromium bug 102667).

Second, when using @include versus @match in a userscript, Chrome misleadingly reports that the script can "Access your data on all websites", but this is not really true. The script will run on only those sites specified by the include statement(s).

Consider (or make) these three scripts:

UTF test, not UTF.user.js (save with ANSI encoding):

// ==UserScript==
// @name    Not UTF source file
// @match   http://www.yahoo.com/*
// ==/UserScript==
if (location.hostname != 'www.yahoo.com')
  alert ("This script should not run on "+location.hostname+"!");


UTF test, is UTF.user.js (save with UTF-8 encoding, including the BOM):

// ==UserScript==
// @name    Is UTF source file
// @match   http://www.yahoo.com/*
// ==/UserScript==
if (location.hostname != 'www.yahoo.com')
  alert ("This script should not run on "+location.hostname+"!");


Include, not match.user.js (save with ANSI encoding):

// ==UserScript==
// @name    Use include, not match
// @include http://www.yahoo.com/*
// ==/UserScript==
if (location.hostname != 'www.yahoo.com')
  alert ("This script should not run on "+location.hostname+"!");


Note that all 3 scripts are the same code. Only the @name and/or the file-format and/or @include versus @match are different.


The ANSI script, with match (UTF test, not UTF.user.js) reports these permissions:


This script operates and reports correctly, and as expected.


The UTF-8 script, with match (UTF test, is UTF.user.js) reports these permissions:


The permissions are reported incorrectly, contradicting the @match statement(s). Also note that the file-name is shown, URL-encoded, instead of the @name directive. These are both clues that something is amiss.

Worse, this script will operate on all sites. That is, you will see the alert() on all non-Yahoo pages. This is clearly a bug.


The ANSI script, with include (Include, not match.user.js) reports these permissions:


While this is a misleading report, the script will actually operate correctly. That is, it will only fire for yahoo pages.

This is due in part to how Chrome auto-converts userscripts into extensions. @match statements are translated directly into the manifest.json's matches property, while @include statements are made into include_globs values. See Match patterns and globs. The permissions report keys off the matches array.
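
Both failure modes described in this answer can be checked on a .user.js file before it is installed. The Node.js sketch below is an added example, not code from the answer or from Chrome: `auditUserscript` and its result fields are hypothetical names, the sample files are constructed, and the mapping to `matches` and `include_globs` follows the answer's description rather than Chrome's converter source.

```javascript
// Added example (Node.js). Models the conversion as the answer describes it;
// it is not Chrome's converter. All names below are hypothetical.
const BOM = Buffer.from([0xef, 0xbb, 0xbf]);
const BROAD = new Set(['*', '<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

function auditUserscript(bytes) {
  const hasBom = bytes.length >= 3 && bytes.subarray(0, 3).equals(BOM);
  const text = (hasBom ? bytes.subarray(3) : bytes).toString('utf8');
  const header = /\/\/ ==UserScript==([\s\S]*?)\/\/ ==\/UserScript==/.exec(text);
  const found = { match: [], include: [] };
  for (const line of header ? header[1].split(/\r?\n/) : []) {
    const m = /^\s*\/\/\s*@(match|include)\s+(\S+)/.exec(line);
    if (m) found[m[1]].push(m[2]);
  }
  // Per the answer: with a BOM the header is not parsed, so no restriction survives.
  const headerLost = hasBom || !header;
  // @match -> "matches"; @include -> "include_globs" under an all-URLs match.
  const matches = headerLost || found.match.length === 0 ? ['<all_urls>'] : found.match;
  const includeGlobs = headerLost ? [] : found.include;
  const broadMatch = matches.some(p => BROAD.has(p));
  const globsLimit = includeGlobs.length > 0 && !includeGlobs.some(g => BROAD.has(g));
  return {
    hasBom, matches, includeGlobs,
    // Nothing narrows the script to specific hosts.
    runsEverywhere: broadMatch && !globsLimit,
    // Install prompt says "all websites", yet the globs still confine the script.
    warningOverstated: broadMatch && globsLimit,
  };
}

// Constructed sample files mirroring the three test scripts in the answer.
const script = directive => Buffer.from(
  `// ==UserScript==\n// @name    Test\n// ${directive}\n// ==/UserScript==\n`, 'utf8');
const ansiMatch = script('@match   http://www.yahoo.com/*');
const bomMatch = Buffer.concat([BOM, ansiMatch]);
const ansiInclude = script('@include http://www.yahoo.com/*');

for (const [name, file] of Object.entries({ ansiMatch, bomMatch, ansiInclude })) {
  console.log(name, JSON.stringify(auditUserscript(file)));
}
```

A result with `runsEverywhere: true` and `hasBom: true` is the case to fix by re-saving the file without the BOM; `warningOverstated: true` corresponds to the @include case where the prompt is broader than the script's actual reach.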
