Injecting Javascript before page loads

[ghost]

How would I inject this javascript: alert('INJECTED') into a website being served? Also, can I intercept AJAX/Http requests from the website through the proxy?

Injecting Javascript using response middleware will inject the script for ALL the sites proxied through, right?

[nfriedly]

Yep, take a look at https://github.com/nfriedly/node-unblocker/blob/websockets/lib/client-scripts.js

I had to add that to catch websocket connections and force them to go through the proxy, and I have todo's for XMLHTTPRequest and fetch.

Everything in this section gets wrapped in an IIFE and injected right after the <head> tag:

https://github.com/nfriedly/node-unblocker/blob/7c442000c14d0140fccfa1a4ee8df7122dd76302/lib/client-scripts.js#L15-L45

Note that websockets always require a complete url (including the domain), which would bypass the proxy without this, but XMLHttpRequest and fetch allow for relative URLs which would go to the proxy and just work (sometimes).

[ghost]

Is it possible to add scripts as a configuration option? Would I put the function I want to inject into the response middleware as a string or something?

[nfriedly]

Yeah, that's fine. I'll probably make some changes to it, but not tonight.

On Wed, Apr 15, 2020, 5:09 PM Noah Gerard notifications@github.com wrote:

Interesting. Would you mind if I made a PR request for adding scripts to this list through the code? Maybe something that could be added as a configuration option?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/nfriedly/node-unblocker/issues/138#issuecomment-614281093, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA4CIBHASLIQAZUUPB2OU3RMYO7HANCNFSM4MIFA62A .