Google search result links don't work if Safari connector and Tampermonkey are both enabled

zotero / zotero-connectors

Chrome, Firefox, Edge, and Safari extensions for Zotero

https://www.zotero.org/download/connectors

Other

530 stars 124 forks source link

Google search result links don't work if Safari connector and Tampermonkey are both enabled #404

Closed dstillman closed 1 year ago

dstillman commented 2 years ago

https://forums.zotero.org/discussion/100346/zotero-connector-tampermonkey-extension-breaks-links-on-google

"SecurityError: The operation is insecure."

Unsafe JavaScript attempt to initiate navigation for frame with URL 'https://www.google.com/search?q=test[…]' from frame with URL 'https://www.google.com/url?sa=t[…]&url=https%3A%2F%2Fwww.merriam-webster.com%2Fdictionary%2Ftest[…]. The frame attempting navigation of the top-level window is cross-origin or untrusted and the user has never interacted with the frame."

@adomasven, any idea what's going on here?

adomasven commented 2 years ago

A shame their source code is not available, but I wouldn't be surprised if Tampermonkey conflicts with any AppExtension. I'll investigate.

adomasven commented 2 years ago

I've dsicovered that this is caused by the single-file-hooks-frames.js file from SingleFile and reported it.

dstillman commented 2 years ago

This isn't caused by SingleFile. I can empty out all three files in build/safari/lib/SingleFile, including single-file-hooks-frames.js, and this still happens. It's fixed if I comment out this line in _injectSingleFileHooks(), but that doesn't have anything to do with SingleFile itself — I can change the path to foo.js and it still breaks.

So it's seemingly caused by something that Tampermonkey does when there's an inserted <script> on the page.

dstillman commented 2 years ago

I've reported this to Tampermonkey.

dstillman commented 1 year ago

https://github.com/zotero/zotero-connectors/commit/f01e95cd56c938cadf8bc9f5bd01dd3da8c849ea does fix this.