Skip to content

Commit 7a5eadd

Browse files
save file
1 parent a510994 commit 7a5eadd

File tree

1 file changed

+60
-0
lines changed
  • blog/25-12-04/bypass-csp/ext-js/popup

1 file changed

+60
-0
lines changed
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
2+
3+
4+
window.onload = ()=>{
5+
6+
7+
var $ = (root,sel)=>(!sel && (sel=root,root=document),root.querySelector(sel));
8+
9+
10+
var button = $('[value=run]');
11+
12+
button.addEventListener('click', async () => {
13+
14+
var input = $('textarea');
15+
var script = input.value;
16+
await execInPage(script);
17+
18+
});
19+
20+
21+
var code = `
22+
23+
(async()=>{
24+
25+
26+
var url = 'https://raw.githubusercontent.com/javascript-2020/stackoverflow/main/console-log.js';
27+
var js = await fetch(url).then(res=>res.text());
28+
eval(js);
29+
30+
})();
31+
32+
`;
33+
execInPage(code);
34+
35+
36+
async function execInPage(code) {
37+
38+
var [tab] = await chrome.tabs.query({
39+
currentWindow: true,
40+
active: true
41+
});
42+
43+
chrome.scripting.executeScript({
44+
target: { tabId: tab.id },
45+
func: (code) => {
46+
var el = document.createElement('script');
47+
el.textContent = code;
48+
document.head.appendChild(el);
49+
},
50+
args: [code],
51+
world: 'MAIN'
52+
});
53+
54+
}
55+
56+
57+
58+
}//onload
59+
60+

0 commit comments

Comments
 (0)