Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
This is a hypothetical question:
I want to build a Chrome extension that’ll track a user’s clicks on a subset of webpages where the extension is active, and send data as a POST or GET request via AJAX to an external server I have running somewhere. Is this possible at all, because it sounds like XSS to me? If it is XSS, are there any workarounds?
Thanks in advance for your help.
Edit: To clarify, this question was posed to monitor the clicks within the widget.
This isn’t a hypothetical answer *:
A chrome extension … “can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.”
Source and instructions: Cross-Origin XMLHttpRequest
* … but you should take note of the comments concerning privacy and legality before implementing this!