General JavaScript injection with uBO

[MasterInQuestion]

    Hacky way of general JavaScript injection with uBlock Origin. (as of 1.64)
    Should portably work for all pages have at least 1 inline "<script>" ("<script>" without "src").

    Caveat: It may break `<script id="ajaxify-data" type="application/json">` alike.
    (non-JS "<script>"s)

    E.g.
    127.0.0.1##+js( rpnt, script, /$/, "; if ( typeof __Trigger === 'undefined' ) { __Trigger = 1; document.addEventListener( 'DOMContentLoaded', function () { alert( '\"Master\'s OK!\"' ); } ); };" )
    .
    Actual utilization: https://github.com/MasterInQuestion/talk/discussions/13#discussioncomment-10428094

    The other is using "replace". (Firefox only)
    E.g. https://github.com/orgs/community/discussions/5972#discussioncomment-7809031

    One more potential way is using "trusted-set-constant" on "onload" alike.
    But currently uBO seems to have bug with it:
    Values limit still caught the trusted variant: effectively turning which into "set-constant" untrusted.
    E.g. compare:
    127.0.0.1##+js( trusted-set-constant, onload, "32767" )
    127.0.0.1##+js( trusted-set-constant, onload, "32768" )
    127.0.0.1##+js( trusted-set-constant, onload, "function () { document.documentElement.style.backgroundColor = 'red'; }" )
    .
    Essential cause:
    "validateConstantFn" not properly handling trusted values
    https://github.com/gorhill/uBlock/blob/2ccb01973ee009e6a2e414cd178e2b9dfce6a230/src/js/resources/set-constant.js#L58

    New addition "trusted-create-html" from 1.64:
    https://github.com/gorhill/uBlock/commits/master/src/js/resources/create-element.js
    .
    Wouldn't work for "<script>":
    example.com##+js( trusted-create-html, "body", "<script> document.body.style.backgroundColor = 'red'; </script>" )

[MasterInQuestion]

[ gwarser @ CE 2025-01-06 13:52:12 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1hl80v7?sort=old#m5p2jyu
    Doc says:
    "Behaves exactly like set-constant, except that any arbitrary JSON-compatible value can be set."
    So you need to use "json:..." or deprecated “{"value": ... }”.

    "rpnt" was introduced to replace code inside inline script and you are supposed to know what you are doing (that's why it's trusted).

    Your post was removed by Reddit Crowd Control, and then confirmed by mod.
    I see your writing style is a lot better.
    But probably the mod who confirmed removal did not understand you.
    (splitting your message to 3 pages probably did not help) ]

----

    Up: https://github.com/uBlockOrigin/uAssets/discussions/18185#discussioncomment-5979353

    Much clumsy that somewhat thwarted the purpose of "trusted"...
    And "rpnt" lacks proper support of elements selection:
    https://github.com/orgs/community/discussions/5972#discussioncomment-7770150