// CSP test, content-script side: uses the web-accessible-resources approach.
console.log('%cCSP Tester Extension: Starting test', 'color: blue; font-weight: bold');
/**
 * The test injects a <script> element whose src is a file shipped with the
 * extension. A successful load is read as "the page's CSP was modified or
 * removed"; a failed load is read as "CSP is still active".
 *
 * NOTE(review): both readings are inferences. The file has to be declared as a
 * web accessible resource in the manifest (not shown here), otherwise the load
 * fails for a reason unrelated to CSP. Chromium has also historically exempted
 * extension-scheme resources from the page's CSP, so a successful load may not
 * show that the policy changed. Confirm against the browser version under test.
 */
// Load-status flag; the injected script's onload handler sets it to true.
let scriptLoaded = false;
/**
 * Report the outcome of the CSP test on the console and, for a failure, in an
 * on-page overlay. A passing run draws nothing here: the injected script is
 * expected to render its own indicator.
 *
 * The failure panel always states "CSP appears to be ACTIVE", whatever the
 * `error` value says, so a setup error produces the same verdict as a blocked
 * load. The panel markup is a constant with no interpolated data, which is why
 * assigning it through innerHTML carries no injection risk; keep it constant.
 *
 * @param {boolean} success - Truthy when the test script loaded.
 * @param {*} [error=null] - Optional detail, logged with console.error when truthy.
 * @returns {void}
 */
function showResults(success, error = null) {
  const [verdict, detail, colour] = success
    ? ['PASSED ✅', 'Script loaded successfully', 'green']
    : ['FAILED ❌', 'Script blocked by CSP', 'red'];
  console.log(`%cCSP Test ${verdict}: ${detail}`, `color: ${colour}; font-weight: bold`);

  if (error) {
    console.error('CSP Test Error:', error);
  }

  // Only the failure path draws an overlay.
  if (success) {
    return;
  }

  const overlay = document.createElement('div');
  Object.assign(overlay.style, {
    position: 'fixed',
    top: '10px',
    right: '10px',
    zIndex: '2147483647', // highest 32-bit value, keeps the panel above page content
    background: 'rgba(0, 0, 0, 0.85)',
    padding: '15px',
    color: 'white',
    fontFamily: 'Arial, sans-serif',
    fontSize: '14px',
    borderRadius: '5px',
    maxWidth: '300px',
    boxShadow: '0 0 10px rgba(0,0,0,0.5)',
    lineHeight: '1.5',
  });

  // Static markup only: nothing from the page or from `error` is interpolated.
  const panelMarkup = `
<div style="text-align: center; margin-bottom: 10px; font-weight: bold; font-size: 16px; padding-bottom: 5px; border-bottom: 1px solid #555;">
CSP Header Test Results
</div>
<div style="margin: 10px 0;">
<div><span style="color: #F44336">●</span> External Script: <span style="color: #F44336">BLOCKED</span></div>
</div>
<div style="margin-top: 10px; padding-top: 5px; border-top: 1px solid #555; font-weight: bold; color: #F44336;">
Conclusion: CSP appears to be ACTIVE
</div>
<div style="font-size: 10px; margin-top: 10px; color: #AAA;">
Chrome Extension CSP Test
</div>
`;
  overlay.innerHTML = panelMarkup;

  // Dismiss control in the panel's top-right corner.
  const dismiss = document.createElement('div');
  Object.assign(dismiss.style, {
    position: 'absolute',
    top: '5px',
    right: '8px',
    cursor: 'pointer',
    fontSize: '16px',
    fontWeight: 'bold',
    color: '#AAA',
  });
  dismiss.textContent = '×';
  dismiss.onclick = () => {
    overlay.remove();
  };

  overlay.appendChild(dismiss);
  document.body.appendChild(overlay);
}
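/**
 * Inject the extension's `csp-test-manual.js` into the page through a
 * <script src> element and report a failure if it does not load.
 *
 * A failure is reported at most once. Without that guard, an `onerror` followed
 * by the 2-second timeout (the load flag is still false at that point) would
 * each call showResults(false, ...) and stack two overlays on the page.
 *
 * NOTE(review): `onerror` carries no reason. A file missing from the
 * manifest's web accessible resources (manifest not shown here) fails the same
 * way as a CSP block, so "CSP likely blocked it" is a guess, not a finding.
 *
 * @returns {void}
 */
function loadTestScript() {
  let reported = false;
  let timeoutId;

  // Single exit for every failure path so the overlay is drawn only once.
  const reportFailure = (reason) => {
    if (reported) {
      return;
    }
    reported = true;
    clearTimeout(timeoutId);
    showResults(false, reason);
  };

  try {
    // Resolve the extension-scheme URL of the test script.
    const scriptURL = chrome.runtime.getURL('csp-test-manual.js');
    console.log('%cAttempting to load script from:', 'color: blue', scriptURL);

    const script = document.createElement('script');
    script.src = scriptURL;

    script.onload = () => {
      scriptLoaded = true;
      console.log('%cScript loaded successfully!', 'color: green; font-weight: bold');
      // No showResults call here: the loaded script shows its own results.
    };
    script.onerror = (error) => {
      console.error('%cScript failed to load:', 'color: red', error);
      reportFailure('Script load error - CSP likely blocked it');
    };

    // Handlers are attached before insertion so neither event can be missed.
    document.head.appendChild(script);

    // Fallback for the case where neither onload nor onerror fires.
    // NOTE(review): if this content script runs in the default isolated world,
    // a CSP_TEST_PASSED global set by the injected page-world script is
    // presumably not visible on this `window`; scriptLoaded is then the only
    // signal that matters here. Confirm against the manifest.
    timeoutId = setTimeout(() => {
      if (!scriptLoaded && !window.CSP_TEST_PASSED) {
        reportFailure('Script load timeout - CSP likely blocked it');
      }
    }, 2000);
  } catch (e) {
    console.error('Error setting up test script:', e);
    reportFailure(e);
  }
}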
// Run the test 500 ms after the document is ready: immediately scheduled when
// parsing has already finished, otherwise deferred until DOMContentLoaded.
if (document.readyState !== 'loading') {
  setTimeout(loadTestScript, 500);
} else {
  document.addEventListener('DOMContentLoaded', () => {
    setTimeout(loadTestScript, 500);
  });
}