Sep 13, 2013

Spockholm Mafia Toolbar - Facebook Script Launching


The following post was written by Brandon Venery of Team Spockholm. Those who are wondering what the little Spockholm icon next to your Chrome browser bar is all about or why you needed to give additional permissions to use the Spockholm Mafia Toolbar will find answers. The best part of all this is that Facebook won't be able to break some of our favorite Spocklets anymore. 

Recently you may have noticed your Spockholm Toolbar in Chrome went missing. A quick search and you found out a recent update caused it to become disabled in your extensions.
Upon re-enabling you probably got a message like this:
You may wonder why you need to allow more permissions to use it now. This is due to the newest features, I'll explain the permissions in more detail below but the quick answer is for the new feature to work, it needs to be able to load "","", and ""

Once the toolbar is re-enabled you should now see a small Spock guy in the top right of your browser.

Click on him and you'll get a new dropdown menu. This is where the magic happens.
From here you can launch scripts, and they are loaded in the background and injected into the facebook page.  If you have used chrome recently you probably know that scripts either just don't work, or are terribly temperamental. This is because a change on Facebook where Facebook only allows their own scripts to run. If you try to launch another type of script there is an error that looks like this:

This new feature allows you to avoid this error and run any slew of facebook based scripts without issues. As you can see though, Switch is the only script (right now) that is a default script. You can add your own though with ease. Click on the "Add New Script" button and you'll get a new screen that looks like this:
From here you can paste in direct links to scripts(, or full javascript code (javascript:somemessofcode();). Note that the name is optional, but recommended. If you don't define a name, it will use the filename of the script you entered. 

If you're trying to add a script not on "" you'll get the message above. ANOTHER PERMISSION? Well yes. To load the script, the extension needs to be able to load that website. Initially for safety and trying to keep new permissions to a minimum, it only requests the ones that are truly needed. All subsequent ones you can request as needed. When you hit the "Request the Permission" button you'll get a screen like this:

If you allow it, your script will now show in the list
If you ever need to remove a script, all you have to is right click on it and hit ok on the confirmation. 
From here you can go about all your Facebook scripting needs by just clicking on whichever script you want to use! If you're still unsure, here is a video demo of an earlier version that works the same.

The following is Geek Mode explanation of the permissions and why Chrome's wording is a bit harsh. Continue reading if you so desire, but not relevant to actual script use. 

This extension uses the chrome extension API's to accomplish the task. It takes link to the script and passes it to the background page which fires off a XMLHttpRequest to load that script.  In normal browsing this would be restricted due to cross site restrictions (a browser security feature, you don't want any old site loading scripts and running them). Chrome Extensions are powerful though in that they can bypass this, but to do so they need explicit permission access to these websites. You can grant these multiple ways, either by defining the websites individually in the manifest or just allowing all_urls. Spockholm Toolbar chose to allow only the specific ones initially, but allow users to request additional ones as needed by using another of the extension API's. The loaded script is then executed using Chrome's execute script API. Now in my opinion, Chrome kind of scaremongers the permissions with its wording of "Can access all data on X site." While you can access the site, it doesn't give it any form of special permission that allows it to take passwords and sensitive data. Only the data that is on the page is available. This is not to say evil developers could not create a way to record things that you enter, but this is why you only install scripts and such from authors and developers you trust. 


  1. where do i get the script to put in the box ?

  2. I don't have the little Spockholm guy on Firefox or is this only for Chrome?

    1. it is just regular FF....

  3. Firefox/Seamonkey version? I should have my morning coffee before asking that of course LOL

  4. My toolbar has been broken for 4 or 5 days now. I use a chrome based browser, Iron, and HAD no problem running anything until, as i mentioned... 4 or 5 days ago.
    NOW, when i try to load my current version of the spockbar, my browser crashes giving me the Awwwwh Snap screen.
    Believe me... I'd rather watch 24 hrs straight of a twirling revolver, then see that gawd awful broken smile file folder.
    I've been hoping that issue would resolve itself and have added a few spock scripts to my add ons plug in manager, but not all are available, that i can find at least...
    So... my questions...
    Is THIS the cause of my problems?
    Will adding this fix my problems?
    Will ALL the previous spock scripts be available and where can i get them? Not all of the spockbar scripts are available on the spock page. :(

  5. I have a suggestion how about a script to open bonus district when ever we want so we can really put it to Zynga

    1. that would be wonderful!!!!

  6. This is why I love mafia wars, you script writers makes it enjoyable to play. As well as saving several broken mice from click abuse.


Comments are moderated and will not be published until they are reviewed. Please don't use bad language or insult others. For faster feedback on questions, visit our fan page.