Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
此PR修复了脚本设置中授权管理控制无效的问题。主要问题在于当用户在授权管理界面手动添加权限后,这些权限没有被正确检查就被自动拒绝了。
Changes:
- 移除了
GMApiRequest类型中的extraCode字段,简化了错误传递机制 - 新增
queryPermission和buildCacheKey辅助方法,将权限查询逻辑提取为可复用的独立方法 - 重构
GM_cookie和GM_xmlhttpRequest的验证逻辑,在拒绝请求前先检查用户是否已手动授予权限 - 将
GM_xmlhttpRequest的参数验证和错误处理逻辑从主函数移到 confirm 函数中,实现更早的错误检测和报告
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/app/service/service_worker/types.ts | 从 GMApiRequest 类型定义中移除了不再使用的 extraCode 字段 |
| src/app/service/service_worker/permission_verify.ts | 重构 confirm 方法,新增 queryPermission 和 buildCacheKey 辅助方法以支持权限数据库查询 |
| src/app/service/service_worker/gm_api/gm_api.ts | 更新 GM_cookie 和 GM_xmlhttpRequest 的 confirm 逻辑,在自动拒绝前查询数据库中的手动授权记录;移除 xhrExtraCode 枚举;将错误处理提前到 confirm 阶段 |
Co-authored-by: Copilot <[email protected]>
Collaborator
|
我晚點看看 |
cyfung1031
approved these changes
Feb 19, 2026
Collaborator
cyfung1031
left a comment
cyfung1031
left a comment
There was a problem hiding this comment.
原本那三个 error 也有保持到
虽然不太清楚改的是什么,但应该都可以吧
CodFrm
added a commit
that referenced
this pull request
Mar 14, 2026
* 🐛 修复 脚本设置-授权管理 控制无效的问题 * 将校验逻辑放到confirm * 修复GM cookie权限判断 * 删除directDeny * buildCacheKey * 整理代码 * Update src/app/service/service_worker/permission_verify.ts Co-authored-by: Copilot <[email protected]> --------- Co-authored-by: Copilot <[email protected]>
CodFrm
added a commit
that referenced
this pull request
Mar 16, 2026
* additional test for responseType=document * 🐛 修复 脚本设置-授权管理 控制无效的问题 (#1267) * 🐛 修复 脚本设置-授权管理 控制无效的问题 * 将校验逻辑放到confirm * 修复GM cookie权限判断 * 删除directDeny * buildCacheKey * 整理代码 * Update src/app/service/service_worker/permission_verify.ts Co-authored-by: Copilot <[email protected]> --------- Co-authored-by: Copilot <[email protected]> * 🔒 使用 DOMPurify 清理公告通知 HTML 内容 (#1274) * 🔒 使用 DOMPurify 清理公告通知的 HTML 内容 #1273 使用 DOMPurify 对服务端下发的公告 HTML 进行白名单过滤,防止潜在的 UI 注入风险。只允许基础标签和安全的 CSS 属性(颜色、字体相关)。 * code update --------- Co-authored-by: cyfung1031 <[email protected]> * 🐛 修复 include *?* 表达式处理问题 #1271 (#1272) * 🐛 修复 include *?* 表达式处理问题 #1271 * Added error handling to avoid crash * update globSplit * update globSplit * update globSplit --------- Co-authored-by: cyfung1031 <[email protected]> * fix #1274 (#1275) * fix #1274 * Update index.ts * Array.includes -> Set.has * 🐛 修复与隐身窗口检查权限冲突导致反复重启的问题 * 📄 docs: update Chrome Web Store URLs to new domain (#1279) Google migrated the Chrome Web Store from `chrome.google.com/webstore` to `chromewebstore.google.com`. This updates all CWS URLs across README files to use the new domain. The old URLs currently redirect, but will eventually stop working. * ✅ 添加 Playwright E2E 测试及 GM API 功能测试 (#1283) * ✅ 添加 Playwright E2E 测试 - 新增 22 个 E2E 测试覆盖 Options、Popup、Install、Editor、Settings 页面 - 配置 Playwright 使用 --headless=new 模式加载扩展 - 在 CI workflow 中添加 E2E 测试 job * ✅ 添加 GM API E2E 测试 新增 gm-api.spec.ts 测试三类 GM API: - GM_ 同步 API (gm_api_test.js): 29 项测试 - GM.* 异步 API (gm_api_async_test.js): 29 项测试 - Content 注入测试 (inject_content_test.js): 11 项测试 实现要点: - 两阶段浏览器启动:Phase 1 启用 userScriptsAccess,Phase 2 重启运行测试 - 自动审批权限确认弹窗(cookie 等需要用户授权的 API) - 通过剪贴板注入脚本代码到 Monaco 编辑器 - 替换 jsdelivr CDN 为 unpkg 提升资源加载速度 - 去除 @require/@resource 的 SRI hash 避免校验失败 更新 utils.ts 中 installScriptByCode 增加保存失败的 fallback 检测 * 🐛 修复 GM API E2E 测试 CI 兼容性 - Phase 1 添加 --headless=new 参数,修复 CI 无 X server 环境 - 添加 eslint-disable 注释消除 Playwright use() 的误报 - prettier 格式化修正 * 🐛 修复 E2E 测试 CI 兼容性问题 - vitest.config.ts: 排除 e2e/ 目录避免 Vitest 误跑 Playwright 测试 - eslint.config.mjs: 为 e2e/ 目录关闭 react-hooks/rules-of-hooks 规则 - e2e/options.spec.ts: 菜单正则加 /i 标志修复英文环境大小写匹配 - prettier 格式化修正 * 🚑 修复其他扩展注入 chrome.runtime 导致环境误判的问题 #1280 (#1281) * 🐛 修复其他扩展注入 chrome.runtime 导致环境误判的问题 #1280 移除 isContent 运行时检测,改为通过 CustomEventMessage.envTag 在构建入口确定环境, 避免其他扩展(如大学搜题酱)向页面注入 chrome.runtime 对象导致 inject 环境被误判为 content 环境。 * Update src/app/service/content/gm_api/gm_api.ts Co-authored-by: Copilot <[email protected]> * update * 删除不必要的isconnect * 将 typecheck 集成到 lint/lint-fix 脚本中 * 修复引用 * 删除test-results --------- Co-authored-by: cyfung1031 <[email protected]> Co-authored-by: Copilot <[email protected]> * ⚙️ 优化 CI 流水线和测试配置 - 缓存 Playwright 浏览器避免重复下载 - 测试失败时上传截图/视频/报告等调试产物 - Playwright CI 环境启用 HTML+list 双 reporter、失败截图和视频 - 各工具链配置屏蔽 .claude 目录 * ✅ 修复 e2e 测试 service worker 超时并优化等待策略 - gm-api.spec.ts: Phase 2 重启 context 后等待 service worker 注册完成 再交给 fixtures,避免 extensionId fixture 用 10s 全局超时等待失败 - gm-api.spec.ts: 用事件驱动 Promise 替换 500ms 轮询循环, console 结果一出现立即继续 - utils.ts: installScriptByCode 用 DOM 事件等待替代固定延迟: click 后等光标出现,粘贴后等 .view-lines 内容变化 --------- Co-authored-by: wangyizhi <[email protected]> Co-authored-by: Copilot <[email protected]> Co-authored-by: Michael Lip <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
概述 Descriptions
脚本设置-授权管理,手动增加授权无效
原本希望这些验证应该是在confirm里完成的,但是校验处只处理了bool类型和ConfirmParam,然后校验逻辑侵入到GM API逻辑里面去了,感觉是之前写的bug被 @cyfung1031 当feature用了
变更内容 Changes
截图 Screenshots