Hi all,
I’m always on the dev channel for Chrome, and after updating to Chrome 59, all of my macros that were relying on Google Chrome control features (where accessing fields or running JS is concerned) stopped working.
The last comment seems to say it’s doable, but there would have to be a chrome extension published (which seems kind of like a pain), but I was wondering if any of you have run into this, what workarounds, if any that have worked, and for @peternlewis, if you know if there’s some other way to accomplish this.
Hopefully an update could take care of it easily, but I’m worried this is now a feature that’s gone forever
As this change rolls out, JavaScript injection via Applescript will not work in Chrome. We’re making this change in order to protect users from disruptive ads. Applications that legitimately need to inject JavaScript into Chrome can do so by publishing an extension and using Native Messaging to communicate with their application process.
Have you tested just controlling Chrome via AppleScript without any JavaScript?
For example, does this work?
Make sure you have Chrome open with at least one tab. More would be better.
tell application "Google Chrome"
set windowTabList to URL of tabs of windows
set tabURL to URL of active tab of window 1
set URL of active tab of window 1 to "https://www.apple.com"
end tell
Their suggested solution is insane - what about users using Script Editor? They cannot be expected to write a native extension.
I checked and my Chrome is currently up to date and not exhibiting this failure (at least Keyboard Maestro’s Google Chrome actions continue to work. But it is only Version 57.0.2987.133, and this is talking about Chrome 59.
So if this does indeed block JavaScript via AppleScript when rolled out all the actions will stop working, as will all the AppleScripts written to control Chrome on this forum.
Other than complaining on the forum about this, the only other alternative is to switch to Safari.
Yeah, Applescript in general is working, and the code snippet you pasted also works. I believe it's just the execute JavaScript part that's been disabled.
I completely agree with you, as is their purported reason (to "prevent disruptive ads", which to me, if someone is able to execute applescript on your computer, ads are the least of your worries).
They've updated it since I posted this, which is a good sign (the title of the ticket used to be something like "Add a feature flag to disable Javascript execution in Applescript"), but the logic of all of this is just really weird.
If they're disabling it by default on all of the developer friendly channels, why is it that average users wouldn't need that protection.
According to this, it appears it's a server that Chrome pulls feature flags from at startup.
Later on in that thread, it appears that it's Finch is where they pull everything that's available in chrome://flags, so at least that's something.
Hopefully this will be a non-issue.
Thanks for checking. At least it is not as bad as I first feared.
Still, this is a rediculous "feature" to be forced on users. At the minimum Google should provide an option/preference to turn it off, much like Apple did with Safari.
@peternlewis, do you see this as the same issue Keyboard Maestro initially had with Safari?
Yes. My guess would be that they are following Apple’s lead in disabling JavaScript access via AppleScript for whatever insane reason Apple had for doing this (which probably is related to some actual vulnerability, probably after your Mac is already thoroughly compromised).
I just posted this. You will need a Google GMail account (or other Google account). I urge everyone make a post and voice their concern.
ATTN: Official Chrome Developers and Managers
Please do not release this change without providing the end-user a means to enable JavaScript injection using AppleScript, as is done with Safari.
There are a great many Mac users, who prefer Chrome, that have essential workflows that depend on being able to do this. It would be a major impact to our productivity, and probably force us to switch browsers to Safari, which still supports JavaScript injection by AppleScript.
There are also a number of high-use Mac apps like Alfred and Keyboard Maestro that depend on being able to inject JavaScript using AppleScript.
I somewhat understand your security concerns, and I'm almost always a big fan of improved security. But I'm sure you realize too much security is like being in jail. Might as well not use the product at all. I do not understand the statement that this issue is the cause of ads being improperly displayed in the Chrome browser. I have never seen this, nor heard of it, and since AppleScript is ALWAYS executed in the user's context, and I don't see how it is possible, without the user approving it.
Thank you for your careful consideration of this request.
