开发者

Sending MySQL query to site I own from a different site (using Google Chrome Extension)

开发者 https://www.devze.com 2023-02-04 19:25 出处:网络
I want to write a Google Chrome Extension that can take information from a site that I do not own (www.notmysite.com), send that info to a site I do own (www.mysite.com), and do some sort of MySQL que

I want to write a Google Chrome Extension that can take information from a site that I do not own (www.notmysite.com), send that info to a site I do own (www.mysite.com), and do some sort of MySQL query with that information on my site.

For example, I'd like to be able to take some javascript variable that I've parsed from the HTML on www.notmysite.com and INSERT it in the MySQL database on www.mysite.com. I have no problem making XMLHttpRequests from one www.notmysite.com page to another, but am running into cross-domain scripting restrictions when I try to connect to www.mysite.com.

Is there a way around this? It seems like there should be since I own www.mysite.com!

(T开发者_开发知识库his is essentially a screen scraping problem. I want to screen scrape straight to a database.)


You can work around cross-domain restrictions by using a technique called "script tag injection". That is, you can manipulate the document to insert a <script> tag with a "src" attribute pointing to an off-site domain, along with whatever query string parameters you wish to pass.

<script src="http://www.mysite.com/someScript?param=value"></script>

When you inject the a tag like the one shown above into your document, the browser will hit that URL to retrieve whatever might be there; and you can take the opportunity within "someScript" to save the passed value, or whatever else it is you wish to do.

Fortunately, you're not the first person to run into this problem, and much of the hard work has already been done. Take a look at jQuery's $.ajax() method, which has built-in support for JSONP. This will allow you to easy leverage the technique.


You can avoid cross domain restrictions if you run your ajax call from a background page (not from a content script) and have corresponding domain permissions declared in manifest file.

0

精彩评论

暂无评论...
验证码 换一张
取 消