Browser Control and Recent Security updates

safari
mojave
chrome

#1

There have been a couple security restrictions added to (or to be added to) recent releases of Safari and Chrome that may affect some of the ways you use Keyboard Maestro to control web browsers.

Chrome is adding a restriction similar to the Safari disabled-by-default Allow JavaScript from AppleEvents. So at some point you will likely want to turn this option on if you desire to access Chrome web pages from Keyboard Maestro actions.

Generally I cannot see any value in this security feature, since if code is already running on your Mac and able to send AppleEvents, then you have already utterly lost your security and access to your web pages is the least of your concerns.

Also Safari recently added "Cross-Origin Restrictions". This means if a web page has a frame that contains another frame, and the frames come from different domains, then the javascript in one frame cannot affect the javascript in the other frame. Unfortunately, Safari seems to consider the JavaScript via the "do script" AppleEvent to be in the top level frame, that means it cannot access nested frames from other domains. You may see this when trying to use things like the Click Link action. You can Disable Cross-Origin Restrictions to allow these actions to delve into the sub-frames to find links to click.

Since this restriction applies to frames from different domains, which might including advertising frames within other web browser windows, I probably would not want to disable this restriction in general, but you might want to have your macro disable the restriction (via Select Menu), load or reload the web page, perform the task, and then re-enable the restriction.

A cursory glance at the new restrictions in Mojave do not look like there should be any impact on Keyboard Maestro. However on that note, there does appear to be a bug when trying to turn on Accessibility permissions for Keyboard Maestro Engine in Mojave. This has been reported to Apple, and thankfully you can simply delete the Keyboard Maestro Engine from the Accessibility permissions window and then relaunch the Keyboard Maestro Engine and then you can enable the Accessibility permissions, so it's just an annoying bug rather than a serious issue.


#2

Thanks for the heads up Peter!