Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Safari's JS security-policy error emergency. Needs to be fixed immediately!
 
  • Locked thread
LP0 ON FIRE
Jan 25, 2006

beep boop
Two months ago I was able to run AppleScript from Automator that injects JavaScript into a series of YouTube edit pages on Safari. Now I am getting "Content Security Policy" errors which prevent additional further scripts to run:
  1. The source list for Content Security Policy directive 'script-src' contains an invalid source: ''strict-dynamic''. It will be ignored.
  2. Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
If you have a YouTube account with videos uploaded, you can see these errors for yourself by navigating to one of your videos and clicking the blue Edit button. Open up Inspector and see the two errors listed.

At first I thought I was required to add additional information to a script tag that includes a nonce, but now it seems apparent just because any error is happening that stops the script from running any further.

I tried running my AppleScript to inject JavaScript on an older version of Safari (9), but I am still somehow getting those same errors plus additional ones.

Sorry for making a new thread. It's critical for me to run these scripts as soon as possible. How can I prevent these errors from occurring so I can run my scripts?

* # ? Mar 27, 2018 17:23
  • Quote
Adbot
ADBOT LOVES YOU

# ? May 3, 2024 10:54
  • Quote
YO MAMA HEAD
Sep 11, 2007

 i saw your post last night but couldn't really figure out what it was doing. can you post a reduced example?

* # ? Mar 27, 2018 17:32
  • Quote
LP0 ON FIRE
Jan 25, 2006

beep boop

YO MAMA HEAD posted:

i saw your post last night but couldn't really figure out what it was doing. can you post a reduced example?

Sure, although my script isn't causing the error. The errors are already there when the page loads without my script.
code:
do JavaScript "document.getElementsByName('title')[0].value = '" & titleVal & "'; document.getElementsByName('description')[1].value = '" & descVal & "'; 
document.getElementsByClassName('save-changes-button')[0].removeAttribute('disabled');
document.getElementsByClassName('save-changes-button')[0].click();" in current tab
All this does is add a title and description to those fields on the YouTube edit page, remove the Save disabled attribute, and clicks Save.

I was thinking about moving onto Chrome, but Chrome gives me this error twice. Not sure if it will prevent me from running my JS yet:
O7WUW1q-Kpg?autohide…QhGe8O9p-zpesvoTn:1 Error parsing header X-XSS-Protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube: insecure reporting URL for secure page at character position 22. The default protections will be applied.

* # ? Mar 27, 2018 17:36
  • Quote
YO MAMA HEAD
Sep 11, 2007

 i see the CSP errors, but the script runs as expected for me. my automator script:

code:
on run
	tell application "Safari"
		do JavaScript "
			document.getElementsByName('title')[0].value = 'testTitle';
			document.getElementsByName('description')[1].value = 'testDescription';
			document.getElementsByClassName('save-changes-button')[0].removeAttribute('disabled');
			document.getElementsByClassName('save-changes-button')[0].click();
		" in current tab of first window
	end tell
end run

* # ? Mar 27, 2018 17:54
  • Quote
LP0 ON FIRE
Jan 25, 2006

beep boop
Holy crap, that works. It must be how I'm handling my document's text values of strings, but as of now I have no clue what could be different. I'm going to see my backups and check.

* # ? Mar 27, 2018 18:12
  • Quote
LP0 ON FIRE
Jan 25, 2006

beep boop
Thank you. Found out it was my text file with extra single quotes I thought I escaped.

So this has nothing to do with those security errors. I know you’re not supposed to close threads, but mods, feel free to do whatever because I don’t think this will help anyone else.

* # ? Mar 27, 2018 20:02
  • Quote
Adbot
ADBOT LOVES YOU

# ? May 3, 2024 10:54
  • Quote
YO MAMA HEAD
Sep 11, 2007

 glad it worked man

* # ? Mar 28, 2018 01:50
  • Quote
  • Locked thread
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Safari's JS security-policy error emergency. Needs to be fixed immediately!