Google search result links don't work if Safari connector and Tampermonkey are both enabled

[dstillman]

https://forums.zotero.org/discussion/100346/zotero-connector-tampermonkey-extension-breaks-links-on-google

"SecurityError: The operation is insecure."

Unsafe JavaScript attempt to initiate navigation for frame with URL 'https://www.google.com/search?q=test[…]' from frame with URL 'https://www.google.com/url?sa=t[…]&url=https%3A%2F%2Fwww.merriam-webster.com%2Fdictionary%2Ftest[…]. The frame attempting navigation of the top-level window is cross-origin or untrusted and the user has never interacted with the frame."

@adomasven, any idea what's going on here?

[adomasven]

A shame their source code is not available, but I wouldn't be surprised if Tampermonkey conflicts with any AppExtension. I'll investigate.

[adomasven]

I've dsicovered that this is caused by the single-file-hooks-frames.js file from SingleFile and reported it.

[dstillman]

This isn't caused by SingleFile. I can empty out all three files in build/safari/lib/SingleFile, including single-file-hooks-frames.js, and this still happens. It's fixed if I comment out this line in _injectSingleFileHooks(), but that doesn't have anything to do with SingleFile itself — I can change the path to foo.js and it still breaks.

So it's seemingly caused by something that Tampermonkey does when there's an inserted <script> on the page.

[dstillman]

I've reported this to Tampermonkey.

[dstillman]

https://github.com/zotero/zotero-connectors/commit/f01e95cd56c938cadf8bc9f5bd01dd3da8c849ea does fix this.