Dynamic window or iframe creation with data from a https page
31 views
Skip to first unread message
Damir Prebeg
Aug 20, 2015, 1:40:02 AM8/20/15
to greasemonkey-users
I use greasmonkey script to collect and process data from airbnb
my_reservations page of my own property.
Their web page sucks big time so my script assembles a list in a form of a table with all data I need about my guests (name, booking dates, number of guests, price etc.) and opens blank window where that table was written. I use unsafeWindow to write into that new window but recent security upgrades of FF (now i have FF 40) have broken my script. I used this code to create new window:
Their web page sucks big time so my script assembles a list in a form of a table with all data I need about my guests (name, booking dates, number of guests, price etc.) and opens blank window where that table was written. I use unsafeWindow to write into that new window but recent security upgrades of FF (now i have FF 40) have broken my script. I used this code to create new window:
//var newTab = window.open ('about:blank', '_blank');
var newTab = unsafeWindow.open ('about:blank', '_blank');
var D = newTab.document;
var scriptNode = D.createElement ('script');
scriptNode.type = "text/javascript";
scriptNode.textContent = "document.write(unescape('"+ret+"'));";
var targ = D.getElementsByTagName ('head')[0];
targ.appendChild (scriptNode);
}
Variable ret is assebled data. New window opens but it's blank because i get this error:
resource at self ("script-src
'sha256-8Kp4YIWqA8yhCJaTWnmB7Wv7OjnXnX661ygwccVuDRw='
'sha256-RWjZjHViHqRaxuNn3Gqcy5tg2pM20UIGVdEcuv8LaCE='
https://www.airbnb.com https: 'unsafe-eval' 'unsafe-inline' http:").I have second script that creates an iframe on Hostelworld booking info page without any problems and it's also https. Bat the same code generates an CSP error on Airbnb page:
var docBody = document.getElementsByTagName ('body')[0];
var iframe = document.createElement('iframe');
iframe.frameBorder = 0;
iframe.style.width = "100%";
iframe.style.height = "1350px";
docBody.appendChild(iframe);
iframe.src = 'data:text/html;charset=utf-8,' + encodeURIComponent(InHTML);
}
Can anyone point me in the right dirrection how to bypass this restriction?
Here is https encription info from airbnb and hostelworld, maybe that has something to do with this problem:
Airbnb:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 bit keys, TLS 1.2
Hostelworld:
TLS_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS 1.2
Reply all
Reply to author
Forward
0 new messages