javascript - 如何从 chrome 扩展绕过 chrome 默认密码管理器?
问题描述
我正在为 chrome 开发密码管理器扩展,这里的问题是密码应该被安全锁定。考虑这种情况,两个人使用相同的电脑和浏览器配置文件,person1 保存密码并希望保护它免受 person2 的影响。我已经完成了根据用户提要自动完成登录表单的扩展。但是,chrome 密码管理器正在干扰并尝试保存 person1 和 person2 都可以看到的密码。如果 person2 故意打开 chrome 内置的密码保护程序并查看密码,那么它完全破坏了扩展用例。所以,我想出了创建一个具有相同输入字段的假表单的想法,但是 chrome 保存实际密码和用户名而不是虚拟值是没有用的。这是我通过内容脚本注入的代码。
const codeit = (querytype, query, value, track) => {
if(querytype == 'id'){
var x = "var t"+ track +"= document.getElementById('"+ query.replaceAll('<','<').replaceAll('>','>') +"');t"+ track +".focus();t"+ track +".style.opacity = \"1\";t"+ track +".setAttribute('type', 'text');t"+ track +".focus();t"+ track +".setAttribute('value','"+ value +"');"
}
else if(querytype == 'name'){
var x = "var t"+ track +"= document.getElementsByName('"+ query.replaceAll('<','<').replaceAll('>','>') +"')[1];t"+ track +".focus();t"+ track +".style.opacity = \"1\";t"+ track +".setAttribute('type', 'text');t"+ track +".focus();t"+ track +".setAttribute('value','"+ value +"');"
}
else if(querytype == 'class'){
var x = "var t"+ track +"= document.getElementsByClassName('"+ query.replaceAll('<','<').replaceAll('>','>') +"')[1];t"+ track +".focus();t"+ track +".style.opacity = \"1\";t"+ track +".setAttribute('type', 'text');t"+ track +".focus();t"+ track +".setAttribute('value','"+ value +"');"
}
else if(querytype == 'query'){
var x = "var t"+ track +"= document.querySelectorAll('"+ query.replaceAll('<','<').replaceAll('>','>') +"')[1];t"+ track +".focus();t"+ track +".style.opacity = \"1\";t"+ track +".setAttribute('type', 'text');t"+ track +".focus();t"+ track +".setAttribute('value','"+ value +"');"
}
return x;
}
const codeit_todummy = (track) => {
var x = "t"+ track +".setAttribute('value','Dummy');"
return x;
}
const codeit_newele = (querytype, query) => {
if(querytype == 'id'){
// var x = "var n"+ track + " = document.createElement('input'); n"+ track +".id = '"+ query + "'; n"+ track +".value = 'dummey'; form.append(n"+ track +");";
var x = "<input id = '" + query.replaceAll('<','<').replaceAll('>','>') + "' value='dummey' >"
}
else if(querytype == 'name'){
// var x = "var n"+ track + " = document.createElement('input'); n"+ track +".name = '"+ query + "';n"+ track +".value = 'dummey'; form.append(n"+ track +");"
var x = "<input name = '" + query.replaceAll('<','<').replaceAll('>','>') + "' value='dummey'>"
}
else if(querytype == 'class'){
// var x = "var n"+ track + " = document.createElement('input'); n"+ track +".class = '"+ query + "';n"+ track +".value = 'dummey'; form.append(n"+ track +");"
var x = "<input class = '" + query.replaceAll('<','<').replaceAll('>','>') + "' value='dummey'>"
}
return x;
}
chrome.contextMenus.onClicked.addListener(function(info, tab) {
if (tab) {
chrome.storage.sync.get("groups",function(data){
if(data.groups === undefined){
}
else{
var groups = data.groups
for(let group in groups){
if (info.menuItemId === groups[group].group_name){
var qss = groups[group]
var text = "";
var track = 0
var btns = []
var dummies = []
var dumbuttons = []
var new_inputs = []
for(let item in qss){
track+=1;
if(qss[item].Query === undefined){
}
else{
if(qss[item].Value == 'click()'){
if(qss[item].QueryType == 'id'){
var bclick = "var t"+ track +"= document.getElementById('"+ qss[item].Query.replaceAll('<','<').replaceAll('>','>') +"');t"+ track +".focus();t"+ track +".click();console.log('clicked');"
}
else if(qss[item].QueryType == 'name'){
var bclick = "var t"+ track +"= document.getElementsByName('"+ qss[item].Query.replaceAll('<','<').replaceAll('>','>') +"')[0];t"+ track +".focus();t"+ track +".click();console.log('clicked');"
}
else if(qss[item].QueryType == 'class'){
var bclick = "var t"+ track +"= document.getElementsByClassName('"+ qss[item].Query.replaceAll('<','<').replaceAll('>','>') +"')[0];t"+ track +".focus();t"+ track +".click();console.log('clicked');"
}
else if(qss[item].QueryType == 'query'){
var bclick = "var t"+ track +"= document.querySelector('"+ qss[item].Query.replaceAll('<','<').replaceAll('>','>') +"');t"+ track +".focus();t"+ track +".click();console.log('clicked');"
}
btns.push(bclick);
if(qss[item].QueryType == 'id'){
var bclick = "var t"+ track +"= document.getElementById('"+ qss[item].Query.replaceAll('<','<').replaceAll('>','>') +"');t"+ track +".focus();"
}
else if(qss[item].QueryType == 'name'){
var bclick = "var t"+ track +"= document.getElementsByName('"+ qss[item].Query.replaceAll('<','<').replaceAll('>','>') +"')[0];t"+ track +".focus();"
}
else if(qss[item].QueryType == 'class'){
var bclick = "var t"+ track +"= document.getElementsByClassName('"+ qss[item].Query.replaceAll('<','<').replaceAll('>','>') +"')[0];t"+ track +".focus();"
}
else if(qss[item].QueryType == 'query'){
var bclick = "var t"+ track +"= document.querySelector('"+ qss[item].Query.replaceAll('<','<').replaceAll('>','>') +"');t"+ track +".focus();"
}
dumbuttons.push(bclick);
}
else{
var x = codeit(qss[item].QueryType,qss[item].Query,qss[item].Value, track);
text += x;
var y = codeit_todummy(track);
var z = codeit_newele(qss[item].QueryType, qss[item].Query);
dummies.push(y);
new_inputs.push(z);
}
}
}
var form = "<form method='post' action='.'>" + new_inputs.join(' ') + "</form>"
var injectform = "var body = document.querySelector('body'); body.innerHTML = \"" + form + "\" + body.innerHTML;"
var code = injectform + text //+ btns.join(' ') + wait;
console.log(code);
chrome.tabs.executeScript(tab.id, { code: code });
}
}
}
});
}
});
请帮我解决这个问题。即使您有新想法,也请分享。
解决方案
推荐阅读
- javascript - React Native - 以编程方式关闭警报
- java - Maven 阴影插件将文件重定位到主文件夹
- mysql - 从“09 - 10 10 - 11 11 - 12”之类的字符串在mysql中解析/计数
- excel - 如何从众多元素下的div元素中提取文本?
- python - PySpark:减去两个时间戳列并以分钟为单位返回差异(使用 F.datediff 仅返回一整天)
- php - phpmyadmin 在同一查询中给出与 php 不同的结果?
- python - 找到 2 个对象的不同中心
- php - 如何运行 symfony 控制台?
- google-chrome - 如何将 CryptoTokenExtension 设置为在 HTTP 下工作以进行开发工作
- python-3.x - 如何使用python将多页tiff转换为jpeg