Are google chrome extension "content" scripts sandboxed?

Posted by jabapyth on Stack Overflow See other posts from Stack Overflow or by jabapyth
Published on 2010-04-17T23:39:14Z Indexed on 2010/04/17 23:43 UTC
Read the original article Hit count: 255

I was under the impression that the content_scripts were executed right on the page, but it now seems as though there's some sandboxing going on.

I'm working on an extension to log all XHR traffic of a site (for debugging and other development purposes), and in the console, the following sniff code works:

 var o = window.XMLHttpRequest.prototype.open;
 window.XMLHttpRequest.prototype.open = function(){
     console.log(arguments, 'open');
     return o.apply(this, arguments);
 };
 console.log('myopen');
 console.log(window, window.XMLHttpRequest, window.XMLHttpRequest.prototype, o, window.XMLHttpRequest.prototype.open);

This logs a message everytime an XHR is sent. When I put this in an extension, however, the real prototype doesn't get modified. Apparently the window.XMLHttpRequest.prototype that my script is seeing differs from that of the actual page.

Is there some way around this? Also, is this sandboxing behavior documented anywhere? I looked around, but couldn't find anything.

© Stack Overflow or respective owner

Related posts about JavaScript

Related posts about chrome