feat: content script blob src

Author: WindRunnerMax

.github/ISSUE_TEMPLATE.md

@@ -13,6 +13,7 @@
 - [ ] Force Copy
 - [ ] Copy Currency
 - [ ] Site Director
+- [ ] Water Mark
 - [ ] Captcha
 - [ ] Expansion
 - [ ] Completion

packages/force-copy/src/content/index.ts

@@ -4,15 +4,15 @@ import { onPopupMessage } from "./channel/popup";
 import { LOG_LEVEL, logger } from "@/utils/logger";
 import { initializeWorker } from "./runtime/initialize";
 import { isInIframe } from "@/utils/is";
-import { importScript } from "./runtime/script";
+import { importInjectScript } from "./runtime/script";
 
 (() => {
   if (__DEV__) {
     !isInIframe && onReceiveReloadMsg();
     logger.setLevel(LOG_LEVEL.INFO);
   }
   logger.info("Content Script Loaded");
-  importScript();
+  importInjectScript();
   !isInIframe && initializeWorker();
   PCBridge.onPopupMessage(onPopupMessage);
 })();

packages/force-copy/src/content/runtime/script.ts

@@ -1,17 +1,34 @@
-export const importScript = () => {
+export const importInjectScript = () => {
   const fn = window[process.env.INJECT_FILE as unknown as number] as unknown as () => void;
   // #IFDEF GECKO
-  if (fn) {
-    // FIX: FireFox 的 XML 阅读页面会嵌入 script 标签
-    if (document instanceof XMLDocument) return void 0;
+  if (fn && document instanceof XMLDocument === false) {
     const script = document.createElementNS("http://www.w3.org/1999/xhtml", "script");
     script.setAttribute("type", "text/javascript");
     // 这里的内容需要跟 WrapperCodePlugin 的 HASH 计算保持一致
-    script.innerText = `;(${fn.toString()})();`;
+    const code = `;(${fn.toString()})();`;
+    script.innerText = code;
     document.documentElement.appendChild(script);
     // 在这里仅移除 script 标签, 但不会删除 window 上的属性
     // 保证注入重试, inject 幂等且 content 处于隔离环境不会受到影响
     script.remove();
+    // https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Sharing_objects_with_page_scripts
+    const unsafeWindow = window.wrappedJSObject;
+    const signal = process.env.EVENT_TYPE;
+    // 此时说明页面中的脚本没有被注入 尝试以 blob 的形式注入
+    if (unsafeWindow && !unsafeWindow[signal]) {
+      const blob = new Blob([code], { type: "application/javascript" });
+      const url = URL.createObjectURL(blob);
+      const script = document.createElementNS("http://www.w3.org/1999/xhtml", "script");
+      script.setAttribute("type", "text/javascript");
+      // 实际上这里是异步的引入 不能完全保证 document_start 的时机
+      (<HTMLScriptElement>script).src = url;
+      document.documentElement.appendChild(script);
+      script.onload = () => {
+        script.remove();
+        // 如果仍然不存在 尝试在 Content Script 中执行
+        !unsafeWindow[signal] && fn();
+      };
+    }
   }
   // #ENDIF
 };

packages/force-copy/src/inject/types/global.d.ts

@@ -1,5 +1,6 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 declare interface Window {
   pad?: any;
+  wrappedJSObject?: any;
   SpreadsheetApp?: any;
 }

packages/force-copy/src/worker/index.ts

@@ -1,5 +1,5 @@
 import { LOG_LEVEL, logger } from "@/utils/logger";
-import { importScript } from "./runtime/script";
+import { importWorkerScript } from "./runtime/script";
 import { CWBridge } from "@/bridge/content-worker";
 import { onContentMessage } from "./channel/content";
 import { initializeEvents } from "./runtime/initialize";
@@ -8,7 +8,7 @@ import { initializeEvents } from "./runtime/initialize";
   if (__DEV__) {
     logger.setLevel(LOG_LEVEL.INFO);
   }
-  importScript();
   initializeEvents();
+  importWorkerScript();
   CWBridge.onContentMessage(onContentMessage);
 })();

packages/force-copy/src/worker/runtime/script.ts

@@ -3,7 +3,7 @@ import { cross } from "@/utils/global";
 import { logger } from "@/utils/logger";
 import { CODE_PREFIX, CODE_SUFFIX } from "../utils/constant";
 
-export const importScript = () => {
+export const importWorkerScript = () => {
   // #IFDEF CHROMIUM
   // https://bugs.chromium.org/p/chromium/issues/detail?id=634381
   // https://stackoverflow.com/questions/75495191/chrome-extension-manifest-v3-how-to-use-window-addeventlistener
@@ -52,6 +52,7 @@ export const importScript = () => {
   // 使用 cross.tabs.executeScript 得到的 window 是 content window
   // 此时就必须要使用 inject script 的方式才能正常注入脚本
   // 然而这种方式就会受到 content security policy 策略的限制
+  // https://github.com/violentmonkey/violentmonkey/issues/1001
   // https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onHeadersReceived
   chrome.webRequest.onHeadersReceived.addListener(
     res => {