I recently submitted a chrome extension and it got rejected saying "Where possible, make as much of your code visible in the package as you can. If some of your app's logic is hidden and it appears to be suspicious, we may remove it."
My extension is to share music. It works in the below way (simplified explanation):
Create a group and add people.
Submit a youtube/soundcloud or any title and url.
Users in the group get notified.
I have not used any external libraries. My code is not minified. I am using bootstrap css from their cdn. The code is not fully commented because the function names are very much self explanatory.
The extension does send request to my server to save the title and url. But this should not be the reason for rejection.
This is my 5th chrome extension. My earlier extensions were submitted without any problem.
Any ideas or hints or suggestions ?
I also had the same issue with my extension, after I read Marc's comment I suppose to upload it as new extension. That really work for me
Try uploading it by creating another extension on your dashboard. If that doesn't work, you can upload an empty extension, then issue updates that update the code part by part until you get the error again. – Marc Guiselin
and check if there any external links for js css or fonts, which are not comply with Google's Content Security Policy (CSP)
Related
I have a personal chrome extension that always runs in development mode. I need it to communicate with a public extension (execute one of its function to be more specific).
Is there any way to get background page of the other extension so I can do this?
I also tried modifying source code of the other extension manually but then chrome show it as corrupted and ask me to reinstall it
Not really, no.
You cannot inject scripts into chrome-extension:// origin of a different extension, and attaching a debugger there (without whitelisted, private APIs) is going to be tricky (custom launch flags), if at all possible. Note that there's a feature request to allow that.
As suggested by wOxxOm, your best bet is to create a personal copy of the other extension (if at all possible); perhaps adding hooks for External Messaging or merging your code in.
I am building an extension for Chrome which gives the user a basic API. I would like for other developers to have the ability to add functions of their own to my API. For example, some developers offer a new "plugin" (which is only JavaScript code), and I want users to be able to download that plugin into their extension.
The main problem I'm facing is this:
How do you load new code into an extension permanently?
Ideally I would like to add code into the extension's JavaScript, but I have no way to write to the file; I am under the impression that I am restricted by JavaScript - is this true?
While I could perhaps load new code dynamically (by downloading some script), that code will only hold for the current run, and is not added permanently. Rather, it is gone once the user reloads the extension.
The only solution I can see so far is to create a login system where I save each user's downloaded plugins and give him the mandatory option to load them every time he opens the extension.
This method is very messy and impractical, because I don't want to make a user login every time. In fact, I would very much like to refrain from using any login system whatsoever.
What I desire is something similar to what the GreaseMonkey extension does, which is the ability to let users write scripts and allow other users to be able to download them.
I'm obviously looking to create an extension which is much smaller and simpler than GreaseMonkey, but something like GreaseMonkey is more or less what I am looking for.
Any thoughts or suggestions?
All of the "plugins" will be independent chrome extensions. You can then use Message Passing to send a message to every installed extension and the ones that are plugins should have code that goes something like:
if recieve "some identifying key"
then respond "information about this plugin"
Now your main extension knows what plugins are installed and can load their JS files using chrome-extension://[extensionID]/file.js".
That should get you started :)
I had a chrome extension built for me and it helps me publish to my wordpress with ease. The problem is that I have a few websites that I would like to use the same extension for which involves nothing more than changing the URL in the extension's settings.
The real question
Assuming I made 3 copies of the same extension, what changes must be implemented in each one to make Google Chrome recognize it as a different extension? Right now, if I change certain attributes in the manifest, Chrome will still recognize it as the original extension and will want to replace the extension I already have installed.
I hope this makes sense. Apparently someone didn't understand what I was talking about so I broke it down. Hope someone can help me out.
I'm only guessing, but I would think that it would be the name field found in the manifest.json file. In theory, if you are managing your own .crx file (for packaged extensions), I guess Chrome could use the name of that file as well. And finally, if you are signing your extension and making it available through the market, the cryptographic signature could be used as well (the .pem being created when you package your extension).
So no real answer, but I believe it must be one of these three (name in manifest, name of crx file or cryptographic signature). If you test it and figure out, be sure to share!
I'd like to try my hand at some Chrome Extension Development. The most I have done with extensions is writing some small Greasemonkey scripts in the past.
I would like to use localStorage to store some data and then reveal the data on a extension button click later on. (Its seems like this would be done with a popup page)
How do I run a script everytime a page from lets say http://www.facebook.com/* is loaded?
How do I get access to the page? I think based off my localStorage requirement I would have to go down the background_page route (correct?) Can the background page and popup page communicate across the localStorage?
UPDATE:
I'm actually looking to learn the "Chrome way". I'm not really looking to run an existing Greasemonkey script
Google actually has some pretty good documentation on creating extensions. I recommend thoroughly reading the following two articles if you haven't already done so:
http://code.google.com/chrome/extensions/getstarted.html
http://code.google.com/chrome/extensions/overview.html
If you want to give your extension access when the user browses to Facebook, you'll need to declare that in the extension's manifest.
Unless you're wanting to save data beyond the life of the browser process, you probably don't need to use local storage. In-memory data can just be stored as part of the background page.
Content scripts (which run when you load a page) and background pages (which exist for the duration of the browser process) can communicate via message passing, which is described here:
http://code.google.com/chrome/extensions/messaging.html
Overall, I'd suggest spending some time browsing the Developer's Guide and becoming familiar with the concepts and examples.
Chrome has a feature to automatically convert greasemonkey scripts to extensions!
Recently, i have made a chrome ext, but anyone can read its source code by rename the crx to zip and extract it, how i secure my SC ?
The only way to prevent anyone with your extension from seeing the logic is to move it out of the extension that runs on a user computer and into a web service that the extension accesses.
Since this will slow down the works quite a bit, you should only do this for the really valuable parts of your code.
The best (and only?) way would be to obfuscate your JavaScript.
edit: Chrome Webstore does not allow you to obfuscate your JavaScript code. You can read it in the Chrome Webstore program policies
Code Readability Requirements:
Developers must not obfuscate code or conceal functionality of their
extension. This also applies to any external code or resource fetched by the
extension package. Minification is allowed, including the following forms:
Removal of whitespace, newlines, code comments, and block delimiters
Shortening of variable and function names
Collapsing files together
You can use Google Firebase API and related other storage services for write secure/safe business logic, because your google extension code is always open to show for every one....
:::: Example for your more help ::::
key-value from extension JS code ----- Transfer to Server ----> Firebase API perform your logics ---- send back to ----> extension JS code
FireBase is Free and light weight and perfect for business logic