An open-source userscript editor for Safari
- Installation
- Usage
- UI Overview
- Metadata
- API
- Scripts Directory / Save Location
- Getting Help
- FAQs
- Contributing
- Support
- Privacy Policy
- License
Userscripts is available for iOS (iPadOS) and macOS. For all versions, installation is done through Apple's App Store. On macOS, versions prior to 4.x
were made available to download and install directly from the repository, but due to changes in the way Apple allows developers to distribute apps built with the WebExtension API, that is no longer an option.
To run Userscripts on iOS you should be on iOS 15.1 or higher.
To run Userscripts on macOS you should running macOS 12 or higher, along with Safari 14.1 or higher.
It's recommend to read this documentation and, if you have time, watch the following video overviews to familiarize yourself with the app and extension.
Once the app is downloaded and installed the following steps should be taken:
After installing the iOS App, you need two main steps to make the extension work:
-
Open the App and set a directory (For saving and loading userscripts)
- After Userscripts for ios v1.5.0, a local default directory will be set automatically
- In earlier versions please click the
Set Userscripts Directory
button and select the directory
-
Enable the extension in Safari (And grant permissions)
- Manage extensions from Settings App (Settings > Safari > Extensions) or Safari App (
AA
button on iPhone,extension-icon
on iPad, also where you open the extension'spopup
interface) - For optimal experience it's recommended that you
Always Allow
Userscripts forAll Websites
- Manage extensions from Settings App (Settings > Safari > Extensions) or Safari App (
Note
The App cannot detect whether you have enabled the extension in Safari, therefore, the App prompt will not change after you enable the extension. Currently the App interface is only used to set or change the userscripts directory.
You could select an iCloud folder for syncing scripts between macOS and iOS, but please note that there may be delays in synchronization, and you may encounter files be evictioned due to iCloud optimization, please refer to #424.
There are two main ways to install a user script from the iOS version:
- Visit any
.user.js
URL in Safari, then open the extensionpopup
and you will see an installation prompt - You can also save
.user.js
files directly to the Userscripts directory you set above
Tip
Both of the above work equally well in the macOS version.
The iOS version does not include the script editor provided in the macOS version, but you can always edit script files in the directory you set directly on iOS. (use any third-party code editor apps, support in-place opening and editing)
After installing Userscripts on macOS, you do not need to select a userscripts directory if you do not plan on syncing your userscripts between multiple devices. Instead you can choose to use the default directory, which is located at ~/User/Library/Containers/Userscripts/Data/Documents/scripts
- again, this is default (and automatic) behavior. You only need to select a new location if you want to store your userscripts elsewhere, which is especially useful if you are using an external code editor such as Sublime Text or VSCode.
Refer to Apple's official guide page: Use Safari extensions on your Mac
- Extension button - click this button to open the extension interface
- Filter bar - use this input to filter items in the sidebar, by name
- Sort button - changes the order of the items in the sidebar by name or modified time
- Sidebar buttons - described left to right
- The
settings
button (represented by a cog) displays the settings modal (discussed below) - The
plus
button allows users to add new itemsNew CSS
is a "userscript" that expects CSS codeNew Javascript
is a prototypical userscript that expects Javascript codeNew Remote
allows the user to add a remote hosted userscript (or style) by inputting the web address (ex:https://www.k21p.com/example.user.js
)
- The
- Item toggle - this toggle enables or disables an item
- Item - this is the userscript (or style), clicking on it will load it's contents into the editor - you can hide descriptions in the settings area!
- Editor buttons (top) - described left to right
- Update button - this button allows you to update userscripts that meet the following conditions
- metadata contains
@version
tag - metadata contains
@updateURL
tag
- metadata contains
- Download button - click this button to download a copy of your userscript
- Note: every userscript that is displayed in the interface is already present on your local machine, at your save location - the download button offers a quick way to retrieve a copy of that file, without needing to click the settings button, and then the save location link within the settings modal
- Trash button - moves the currently loaded userscript to the trash bin - it will subsequently be removed from the interface and save location
- Update button - this button allows you to update userscripts that meet the following conditions
- Editor buttons (bottom)
Discard
- while editing, reverts any unsaved changes you've made to a userscriptSave
- while editing, saves all changes you've made to a userscriptCommand + S
is the keyboard shortcut for the action
- Auto Close Brackets - toggles on/off auto closing of brackets in the editor
- this affects the following characters:
() [] {} "" ''
- this affects the following characters:
- Auto Hint - automatically shows completion hints while editing
- Hide Descriptions - hides the item descriptions in the sidebar
- Show Invisibles - toggles the display of invisible characters in the editor
- Javascript Linter - toggles basic Javascript linting within the editor
- Tab Size - the number of spaces a tab is equal to while editing, obviously defaults to
4
because using2
spaces is absolute insanity - Enable Injection - toggle on/off script injection for the pages you visit (this is the on/off switch)
- Show Toolbar Count - displays a badge on the toolbar icon with a number that represents how many enabled scripts match the url for the page you are on
- Save Location - where your file are currently located and being saved to (click the blue text to open location)
- Change Save Location (cogs icon) - this button, located directly to the right of the save location, is a shortcut for opening the host app, which will allow you to change the save location
- Global Blacklist - this input accepts a comma separated list of
@match
patterns (Match pattern structure), a page url that matches against a pattern in this list will be ignored for script injection
- Open Page Link - macOS only, opens the extension browser page
- Enable Injection toggle - turns on/off page script injection (on/off switch)
- Refresh View - refreshes the popup view
- Available Updates View - the extension periodically checks all userscripts in your save location for updates and when an update is found, it is shown in this view
- Folder Button - on macOS this button opens your save location directory in Finder, on iOS this button displays the "all scripts view" where you can see every script that found in your save location directory, the "all scripts view" allows you to toggle individual userscript scripts on/off regardless of the current page being displayed in the browser
- Install Prompt - when a userscript is displayed in the browser, this alert displays, giving the user the option to install the userscript into their save location directory, tapping the prompt will take them through the installation steps
- Matched Userscripts List - this list shows the currently matched userscripts relative to the current page being displayed in the browser, all userscripts that match to the domain will be showed, whether they are active or not. Users can click/tap the userscript to the toggle them on/off. If a userscript is active for the domain through a subframe a sub tag will be show next the to the file type indicator
Userscripts Safari currently supports the following userscript metadata:
@name
- This will be the name that displays in the sidebar and be used as the filename - you can not use the same name for multiple files of the same type@description
- Use this to describe what your userscript does - this will be displayed in the sidebar - there is a setting to hide descriptions@icon
- This doesn't have a function with this userscript manager, but the first value provided in the metadata will be accessible in theGM_/GM.info
object@match
- Domain match patterns - you can use several instances of this field if you'd like multiple domain matches - please refer to: Match pattern structure- Note: this extension only supports
http/s
- Note: this extension only supports
@exclude-match
- Domain patterns where you do not want the script to run@include
- Used to match against urls for injection, globs and regular expressions are allowed, read more here@exclude
- Functions in a similar way as@include
but rather than injecting, a match against this key's value will prevent injection@inject-into
- allows the user to choose which context to inject the script into- allows the user to choose which context to inject the script into
- values:
auto
(default),content
,page
GM
apis are only available when usingcontent
- works like violentmonkey
@run-at
- allows the user to choose the injection timing
- document-start, document-end (default), document-idle
- works like violentmonkey
- JS Only
@weight
- allows the user to further adjust script injection timing
- can be used to ensure one script injects before another
- ONLY accepts integers (floats, strings and everything else will be ignored)
- min value = 1, max value = 999, higher numbers (“heavier”) execute earlier
@require
- allows users to include remote resources in their scripts
- the value must be a valid url, currently no local file support
- must require a resource of the same file type (JS for JS, CSS for CSS)
- when a resource is required, it is downloaded and saved locally
- the resources is downloaded once at save and never checked for updates or parsed in anyway
- if you want to update the require resources, and the url does not change, you must remove the resources, save, then re-input it
- require remote resources at your own risk, the extension never validates remote resource code in any way and be aware that using remote resources from untrusted sources can jeopardize your personal security
@version
- used to determine the current version of a userscript
- when paired with
@updateURL
, this will allow the user to update a userscript from a remote source, if the version on their machine is<
version at the update URL @version
does nothing by itself, it needs to be paired with@updateURL
for remote updating to function properly
@updateURL
- the remote url to check version against
- if the version of the file located at the update URL is
>
the version on the local machine, the file will be updated @updateURL
does nothing by itself, it needs to be paired with@version
for remote updating to function properly
@downloadURL
- optional download location for a remotely updateable file (*i.e. a file that has both
@version
and@updateURL
) - when paired with
@version
and@updateURL
, if the local version is<
the version of the file that@updateURL
points to, the extension will attempt to update the file's code with the contents of the file located at the@downloadURL
@downloadURL
does nothing by itself, it needs@version
and@updateURL
to present in order to function properly
- optional download location for a remotely updateable file (*i.e. a file that has both
@noframes
- this key takes no value
- prevents code from being injected into nested frames
All userscripts need at least 1 @match
or @include
to run!
Userscripts currently supports the following api methods. All methods are asynchronous unless otherwise noted. Users must @grant
these methods in order to use them in a userscript. When using API methods, it's only possible to inject into the content script scope due to security concerns.
GM.addStyle(css)
css: String
- returns a
Promise
, resolved if succeeds, rejected with error message if fails
GM.setValue(key, value)
key: String
value: Any
- any can be JSON-serialized- returns a
Promise
, resolved if succeeds, rejected with error message if fails
GM.getValue(key, defaultValue)
key: String
defaultValue: Any
- optional- returns a
Promise
, resolved with thevalue
that was set ordefaultValue
provided orundefined
if succeeds, rejected with error message if fails
GM.deleteValue(key)
key: String
- returns a
Promise
, resolved if succeeds, rejected with error message if fails
GM.listValues()
- returns a
Promise
, resolved with an array of the key names of presently set values if succeeds, rejected with error message if fails
- returns a
GM.getTab()
- returns a
Promise
, resolved withAny
data that is persistent as long as this tab is open if succeeds, rejected with error message if fails
- returns a
GM.saveTab(tabObj)
tabObj: Any
- any can be JSON-serialized- returns a
Promise
, resolved if succeeds, rejected with error message if fails
GM.openInTab(url, openInBackground)
GM.closeTab(tabId)
tabId: Int
- optional, thecaller tab
by default- returns a
Promise
, resolved if succeeds, rejected with error message if fails
GM.setClipboard(data, type)
data: String
type: String
- optional,text/plain
by default- read more here
- returns a
Promise
, resolved with aBool
value indicating succeeds or fails, rejected with error message if fails
GM.info
&&GM_info
- is available without needing to add it to
@grant
- an object containing information about the running userscript
scriptHandler: String
- returnsUserscripts
version: String
- the version of Userscripts appscriptMetaStr: String
- the metablock for the currently running scriptscript: Object
- contains data about the currently running scriptdescription: String
exclude-match: [String]
excludes: [String]
grant: [String]
includes: [String]
inject-into: String
matches: [String]
name: String
namespace: String
noframes: Bool
require: [String]
resources: [String]
- currently not implementedrun-at: String
version: String
- the userscript version value
- is available without needing to add it to
GM.xmlHttpRequest(details)
details: Object
- the
details
object accepts the following propertiesurl: String
- requiredmethod: String
- optional,GET
by defaultuser: String
- optionalpassword: String
- optionalheaders: Object
- optionaloverrideMimeTyp: String
- optionaltimeout: Int
- optionalbinary: Bool
- optionaldata: String
- optionalresponseType: String
- optional- refer to
XMLHttpRequests
- event handlers:
onabort: Function
- optionalonerror: Function
- optionalonload: Function
- optionalonloadend: Function
- optionalonloadstart: Function
- optionalonprogress: Function
- optionalonreadystatechange: Function
- optionalontimeout: Function
- optional- the response object passed to the event handlers has the following properties:
readyState
response
responseHeaders
responseType
responseURL
status
statusText
timeout
withCredentials
responseText
(whenresponseType
istext
)
- returns an object with a single property,
abort
, which is aFunction
- usage:
const foo = GM.xmlHttpRequest({...});
...foo.abort();
to abort the request
- usage:
GM_xmlhttpRequest(details)
- an alias for
GM.xmlHttpRequest
, works exactly the same
- an alias for
This is the directory where the app/extension will read from and write to. This directory is changed by opening the containing app and clicking the respective "change location" button.
Script Directory Notes
- Close all instances of the extension UI (browser app and/or popup) before changing the scripts directory
- After files are added, removed or edited, you will need to open the popup at least 1 time to see those changes reflected in your browsing experience
- On macOS, after a directory outside of the default is selected, if you rename or move that selected directory, the extension will continue to read/write to that directory - the only way to remove the “link” is by trashing the folder or selecting a new save location
If you encounter a problem while using this app/extension or are in need of some assistance, please open an issue here in the repository. When doing so, please provide as much detail as possible. This includes listing system specs and what website and script you are trying to execute. Please follow the issue template!
"Refused to execute a script" error(s), what should I do!?
You are seeing this error because of the website's Content Security Policy. Currently there is no way to allow extension content scripts to bypass CSPs in Safari.
Automatically, the extension will attempt to circumvent strict CSPs, but if you are still experiencing issues, trying setting the userscript metadata key/val
// @inject-into auto
or// @inject-into content
.You can read more about this in this issue.
Do I need to use the extension's editor to create new userscripts or to edit existing?
You can use your own editor to update and manage your files. As long as you are saving the files to the save location, and they are properly formatted, they should be injected. However, you must open the extension popup beforehand. That means, if you create a new or edit an existing userscript with an external editor and save it to the save location, before injection will occur properly, the extension popup must be opened and the popup must load completely.
What are the keyboard shortcuts?
Whilst using the included editor, clicking
⌘ + s
will save the file. While working the editor, clicking⌘ + f
will bring up the search bar andesc
will hide it.
When I use @require
, where are the required files stored?
All required files are saved as Javascript files in the extension container folder in macOS 11.x. That folder is located in the default save location, at:
~/Library/Containers/Userscripts/Data/Documents/require/
.If you move files from the require folder or manually edit the
manifest.json
file, you will likely break app/extension functionality.
Code level contributions are welcome. I prefer to collaborate directly with contributors rather than receiving spontaneous pull requests. If you feel you can improve the project in some way, please reach out to me by email or by opening an issue with your improvement/feature request.
Further, any issue marked "help wanted" is actively seeking assistance. Please respond to those issues with feedback, guidance or offers of coding assistance.
Notes:
- use semantic commit messages
- under most circumstances, you should fork the most current version of the
develop
branch for your contributions
Please ensure your contributions align with the project's license before committing anything.
The quickest and easiest way to support the project is by leaving a positive review on the App Store if you enjoy the extension and want to see future improvements. Seeing these reviews let me know I am doing something right, or wrong, and motivates me to continue working on the project.
The second best way to help out is to sign up to beta test new versions of the app. Since this extension values your privacy, and does not collect any data from users, it is difficult to gauge how the extension is being used. By signing up to be a beta tester it not only allows you to test upcoming features, but also gives me the opportunity to elicit direct feedback from real users.
Please join and test the corresponding beta version in releases via the TestFlight public link.
Userscripts does not collect any data from its users nor monitor activities or actions you perform within the application and extension. This means everything that you do with the application and extension is private to you and is never shared with the developers or third parties. Since there is no data collection, there is no data retention of any kind.
Copyright (c) 2018-2024 Justin Wasack
Licensed under the GNU General Public License v3.0 license for all open source applications. A commercial license is required for all other applications.