marcelduran/yslow

YSlow not working on Chrome Version 67.x

timthayne opened this issue · 5 comments

Install message errors with "Invalid manifest"

Further inspection shows that Chrome 67.x requires "manifest_version": 2 to be present in manifest.json, as explained in https://developer.chrome.com/extensions/manifestVersion.

You can unpack the CRX file using 7-Zip, modify manifest.json as described above, and then go to Chrome's chrome://extensions/, activate Developer Mode, and Load Unpacked.

Hi there,

First of thanks for helping in adding the missing manifest line.
On OSX however it results in an error about the "background_page": "background.html",
But with or without that in the manifest file the extensions will show up by loading the unpacked version.

However no functionality you are used of it seems to get triggered.
If you or anybody can comment if this;
A; Works on Windows (and other OSses)?
B; If there is something special we have to do to get it working on OSX.
That would be greatly appreciated.

Thanks in advance for anyone looking into this, while ySlow is a bit older it's a still a must use in my book.

The manifest.json should become something like this:

{
"update_url":"http://clients2.google.com/service/update2/crx",
    "manifest_version": 2,
    "content_security_policy": "script-src 'self'; object-src 'self';",
    "background": {
        "page": "background.html",
        "persistent": false
    },
    "name": "YSlow",
    "version": "3.1.2",
    "description": "Make your pages faster with Yahoo!'s page performance tool",
    "icons": {
        "128": "128.png",
        "16": "16.png",
        "32": "32.png",
        "48": "48.png"
    },
    "browser_action": {
        "name": "YSlow",
        "default_icon": "icon.png"
    },
    "options_page": "options.html",
    "content_scripts": [
        {
            "matches": [
                "http://*/*",
                "https://*/*"
            ],
            "js": [
                "content.js",
                "yslow-chrome.js"
            ]
        }
    ],
    "permissions": [
        "tabs",
        "cookies",
        "http://*/*",
        "https://*/*"
    ]
}

However, the new version of Chrome prevents inline JavaScript from being loaded. It does not allow content_security_policy to be set to less insecure values such as unsafe-inline (See the above snippet. The only possible values are self and sha*. Neither allows inline scripting).

As YSlow code makes heavy use of inline scripts, the underlying code must be carefully modified in order for Chrome to allow it to run. Here's a simple snippet to show the problem (it's part of yslow-chrome.js):

sHtml += '<div id="runtestDiv"><button id="runtest-btn" onclick="javascript:document.ysview.runTest()">Run Test</button></div></div><div class="footer"><div class="moreinfo">' + '<a href="javascript:document.ysview.openLink(\'https://yslow.org/\');"><b>&#187;</b>' + more_info_text + '</a></div></div></div></div></div>';

Here, you can spot two instances of javascript: inline scripts. Many more occur in various other places.

I have test to modify the plugin on chrome, it work well but i have to get rid of all the inline onclick .. but it work with direct input in the javascript console

it appear that the way the plugin grab the tab url is obsolete also :/

i will upload the custom yslow when i have the time to tweak it a little ;)

--

++
You have to delete all the inline js also in the options and backgroung file and put them respectively in a .js link to there old file

edit manifest and use this

{
    "name": "YSlow",
    "manifest_version": 2,
    "version": "3.1.9",
    "description": "YSlow analyzes web pages and suggests ways to improve their performance based on a set of rules for high performance web pages.",
    "icons": {
        "128": "128.png",
        "16": "16.png",
        "32": "32.png",
        "48": "48.png"
    },
    "browser_action": {
        "name": "YSlow",
        "default_icon": {
            "19": "48.png",
            "38": "48.png"
        }
    },
    "background_page": "background.html",
    "options_page": "options.html",
    "content_scripts": [{
        "matches": [
            "http://*/*",
            "https://*/*"
        ],
        "js": [
            "content.js",
            "yslow-chrome.js"
        ]
    }],
    "permissions": [
        "tabs",
        "cookies",
        "http://*/*",
        "https://*/*"
    ]
}