The docs for Chrome extensions chrome.storage.local state:
The maximum amount (in bytes) of data that can be stored in local
storage, as measured by the JSON stringification of every value plus
every key's length. This value will be ignored if the extension has
the unlimitedStorage permission.
However, the docs for Chrome extensions permissions have a note alongside the unlimitedStorage permission which states:
This permission applies only to Web SQL Database and application
cache (see issue 58985).
It's unclear to me what this note means in regards to chrome.storage.local, especially considering the issue referenced is from 2010, which predates introduction of chrome.storage by 5 years.
Related
I am a doctor who is seeking a solution for my patients. I often receive medical CDs from my patients which contain their radiological data. What I need is a web solution which I can integrate with my web site. But the caveat is that I dont want this to happen via Choose File. Most of my patients are old people who doesnt know much about internet or computers. So I want a single button on my web site which will copy the entire CD in the CD drive and send it to me without any user intervention. Is it possible?
Update:
OK thank you all. I did not intend to break copyright issues. Actually, I thought a user who will hit that "button" will also give permission to access their files. I completely understand your concerns and I completely agree however - as an end-user - this is the problem requiring a solution in my case. After the COVID none of my patients can come to clinical visits and I need to see their follow-up. In neurosurgery, this is very important. I do not know if it is OK to send links (and sorry if it is not) here but for example, this web site makes something similar to my idea but it is not free and it is so complicated for my -low socioeconomic - patient profile.
My target population mostly deals with brain tumors and their level of concern for copyright issues is so low for that reason. I don't mean taking everything from them without their will but this is the case. So again thank you all for enlightening me and I am again sorry if I break the rules of this website.
Introduction
I'm going to go through the reasons as to why the specification as stated, cannot be implemented, and also as to why older technologies that may have allowed this implementation cannot be used.
Do note that even older technologies, would have required some sort of installation or agreement from the user- as a minimum 1 click.
Also note: It is possible to get files from a users system, but you still have to get their agreement through an action or prompt from their part!**
As to what you could do? Tukan already covers some nice alternatives but if I do think of something I will add it!
Basic Explanation
The most basic explanation is that this would be a giant unprecedented security hole. It would mean that browsers would allow a site to access files from a users computer hardware (DVD) without the permission of the user or the active actions of the user.
In your case you do have a valid non-malicious use for it. Imagine however all the malicious websites that would use this mechanism to steal stuff off the DVD/CD that is in the users tray. Imagine the privacy issues, security breaches, and even minor stuff like copyright issues.
Finally, and even worse, if the specific requested allowed access to the whole file system (including all drives like C:), a malicious site could steal everything on a user's system.
The positive (and negative for you) is that browsers have been incrementally locked down over the years and technologies/plugins/extensions/features have been incrementally either locked down, or deprecated/removed. Such technologies include: active X, java applets, and flash.
Finally, browsers like chrome and internet explorer themselves now'a'days run in sandboxes. See for example the article (and this is from 2013!!): Sandboxes Explained: How They’re Already Protecting You and How to Sandbox Any Program
They’re restricted to running in your browser and accessing a limited set of resources — they can’t view your webcam without permission or read your computer’s local files. If websites you visit weren’t sandboxed and isolated from the rest of your system, visiting a malicious website would be as bad as installing a virus.
Other programs on your computer are also sandboxed. For example,
Google Chrome and Internet Explorer both run in a sandbox themselves.
These browsers are programs running on your computer, but they don’t
have access to your entire computer. They run in a low-permission
mode. Even if the web page found a security vulnerability and managed
to take control of the browser, it would then have to escape the
browser’s sandbox to do real damage.
Active X (Deprecated) (Internet Explorer)
Let's start by saying that Active X would require the user to change their Internet Explorer Security Settings so we can strike it off immediately.
If a user did change their settings (see: Enable ActiveX controls in Internet Explorer ) and Enable for IE 11, a developer could use active x to access files on a users system.
Also note Active X is deprecated and rumour has it that it may not be around for long.
Java Signed Applets
Java Signed Applets could access the local file system.
However, Applets are no longer supported in firefox and chrome. They do run in Internet Explorer though IE is deprecated as well (since people are moving to Edge).
There's a very well written answer on the topic here: How do I run Java applets? [duplicate] and Why is the Java plugin (JRE) disabled in Chrome?
Adobe Flash (Previously Macromedia)
First off, flash has been removed from most Internet Browsers and is officially considered dead. Additionally, after Flash Player 10 it was possible to load a file but the user had to select it himself through a dialog (see: Can Flash action script read and write local file system? ).
FileSystem and FileWriter APIs
You can read and write using this API. However, it again requires the user to interact with the webpage and to select the files themselves.
References
Is it possible to access local file via javascript?
Sandboxes Explained: How They’re Already Protecting You and How to Sandbox Any Program
Enable ActiveX controls in Internet Explorer , Enable for IE 11, and active x to access files on a users system
Java Signed Applets could access the local file system, How do I run Java applets? [duplicate], Why is the Java plugin (JRE) disabled in Chrome?
Can Flash action script read and write local file system?
As Andrew mentioned this SO is used for Q&A from/to developers. I'll try to give you a general idea what could be done.
Who should do it?
I think you need some freelancer who would create a code for you.
The mechanism you are describing is not possible due to security issues.
Web page should not have access to the HW, as you would like, without user
interaction.
What is then feasible?
I think what is feasible is an application (thick - meaning .exe file) which would be executed by your patients which would search for a CD/DVD drive, pack it and send it via secure channel to your server. They would need to download it and execute it.
If you have elderly patients you need to visually confirm that the data has been send using some clear message.
Something like: Thank you for sending the data to Dr. Jones. All data has been received.
Secure channel can be for example: ftps, sftp, https, etc.
On your side you would a have a daemon which would serve as endpoint for your patient's data. After receiving the data it should be moved immediately outside the uploading folder.
Edit
One more option that came into my mind would be to distribute a tailored USB key to your patients with such application, which would be executed upon insertion.
I am using the Azure blob's metadata information mechanism mentioned here to save some information in the blob store, and later retrieve information from it.
My questions are mainly related to performance and maintenance concerns.
Is there any upper limit on the size of this metadata? What is the
maximum number of keys I can store ?
Does it expire after a certain date?
Is there any chance of losing data that is stored in the blob
metadata
If yes, I would go ahead, and write these to a database, from the service I am writing. However, ideally, I would like to use the blob's metadata feature, which is very useful, and well thought out.
Check out this documentation:
https://learn.microsoft.com/en-us/rest/api/storageservices/fileservices/Setting-and-Retrieving-Properties-and-Metadata-for-Blob-Resources?redirectedfrom=MSDN
The size of the metadata cannot exceed 8 KB altogether. This means keys, values, semicolons, everything. There is no explicit limitation for the number of keys themselves, but all of them (with the actual values and other characters) must fit into the 8 KB limit.
As for the expiration, I don't think so. At least the documentation doesn't mention it. I guess if expiration was an issue, it would be important enough to be mentioned in the documentation :)
As for losing the metadata: metadata is stored along the blob, so if you lose the blob you lose the metadata (like the datacenter explodes and you didn't have the appropriate replication for your account). Other than that, I don't think it can just disappear. The documentation also states that partial updates are not possible, so it is either updated fully or not, you can't lose half of your updates.
One way to see - how many people downloaded your extension - is to look at statistic in Chrome webstore.
Another way is to add inside background.js the chrome.runtime.onInstalled.addListener and send information on server each time, when somebody installed an extension.
My problem is that the information, collected by both these ways - is not similar.
Number of downloads, presented in Chrome webstore is less, than number of installations, collected by second way (for unique ip-addresses).
Why? Can anybody explain it?
chrome store also takes into account the uninstalls, while your method only counts installs.
you can also detect uninstalls by setting the url to open on uninstall and tally it on your server. see https://developer.chrome.com/extensions/runtime#method-setUninstallURL
with that, the numbers will match closer. still not perfect as the store takes sometimes weeks to add the stats for a day.
The number of unique IP addresses is not a reliable indicator for users, because users may be using a dynamic address (instead of a static IP address that does not change), and multiple users may be sharing an IP address (behind a NAT or proxy).
And chrome.runtime.onInstalled is not just triggered upon a new installation of your extension, but also when the browser/extension is updated.
So, your way of counting unique users is flawed (and given the small number of users, it is likely that your method is overestimating the number of users).
The Chrome Web Store dashboard (for developers only) provides the number of daily installations (probably measured by counting the number of on-demand CRX downloads).
The Chrome Web Store publicly shows the number of weekly users (measured by counting the number of update checks per week).
This number is not the number of active weekly users, and probably over-estimates the number of actual users.
For example, I have an extension that used to have 1.7k users. Because the extension became obsolete, I published an update that sends a ping to my server and removes the extension itself (using chrome.management.uninstallSelf). Every week, I receive at most a few pings, yet the CWS claims that the extension has about 400 weekly users (these users probably disabled my extension; consequently the extension cannot remove itself but Chrome still checks for updates).
Accurately counting number of users
If you want to know the number of installations, look at the CWS dashboard. If you want to continue to use the onInstalled method, at the very least check whether details.reason === 'install'.
If you want to have the most reliable indicator of "user", generate a random identifier and store it in chrome.storage.sync. Include this ID in requests to the server (for sample code, see Getting unique ClientID from chrome extension?).
Recently, I introduced server-pings in one of my extensions, to measure the number of users per Chrome version at a given day/week. In this efforts, I prioritized the privacy of users over the accuracy of statistics (by storing the random ID in localStorage (which is not synchronized) and refreshing this ID at every major browser update).
If you want to learn more about the code behind it, see https://github.com/Rob--W/pdfjs-telemetry.
Wondering if this is at all possible. I'm working on a Chrome extension where, as users browse a particular site, certain elements on the page are saved to chrome.storage.local (or chrome.storage.sync). Those elements are then called again later on a different page. However, it would be useful to allow all users to save this data to 1 global variable/source, and all users be able to read from that variable/source. Do Chrome extensions have any method of accomplishing this?
The data in question isn't anything sensitive, it's not authentication info or anything. The reason I'm hoping to do this and not just save static variables or JSON objects within a content script is that the website I'm building this for changes fairly frequently, and I would rather that data not be completely static.
Thank you!
Not possible natively but there are lots of ways to do it for free (given you have few users and load and assuming you dont surpass their free quotas or rate limits) like a google appengine backend or a public google spreadsheet as sync. For the spreadsheet case, you can store as rows or put everything on a single cell. For appengine, the datastore has free quotas for read/write and free store quota (with limits and rate limits of course).
I am looking into using browser sessionStorage for a web application, and was trying to find current information on size limitations. It appears most desktop browsers have imposed a 5MB limit. However, I am not finding many recent articles nor information on the mobile browsers.
The Disk space of the W3C Web Storage specification says "A mostly arbitrary limit of five megabytes per origin is recommended. Implementation feedback is welcome and will be used to update this suggestion in the future."
The QuirksMode HTML5 compatibility page for localstorage has its last major update on 12 June 2009 and only includes data for last years current browsers: IE8, FF 3.5b4, Saf 4, Chrome 2.
According to Introduction to DOM Storage, IE8 "allows Web applications to store nearly 10 MB of user data." Introduction to sessionStorage seems to confirm that "Firefox’s and Safari’s storage limit is 5MB per domain, Internet Explorer’s limit is 10 MB per domain."
Web Storage: easier, more powerful client-side data storage from the Opera developer site states "As of now, most browsers that have implemented Web Storage, including Opera, have placed the storage limit at 5 Mb per domain."
A recent chromium issue (#42740) put a 5mb quota on session storage.
Chapter 5. Client-Side Data Storage from Building iPhone Apps with HTML, CSS, and JavaScript states "At the time of this writing, browser size limits for localStorage and sessionStorage are still in flux."
Question: Based on this info, should I just assume 5MB is the limit or should I spend time testing different browsers? Does anybody know of an existing test suite (a la Browserscope) that would have these results?
A site with some web storage info http://dev-test.nemikor.com
as you can see the quota's are different for each browser!
Assuming that the smallest limit for html5 web storage is 5mb, it would be sensible to go with that answer given what information you have presented, and has been presented about W3C web storage. Do beware that everything is in flux, but I don't think this limit will change drastically.
I've read from some bug report comments that Chrome stores localStorage data in UTF-16, which effectively doubles the sized used, leaving you with something more like 2.5mb. I think this might also be the case for other webkit browsers as well, if they impose the 5mb limit.
The fact that almost a year after this question was asked it still isn't easy to find the size limits (or even the key/value charset) is crazy.