I want to make a Chrome Extension that can only read the webpages and that cannot modify them. I don`t want to see the following message when I click on the extension permissions button : "Read and change all your data one the websites you visit".
I tried the "pageCapture" permission and I still get a message that my extension can read and write all the data on the websites.
Related
I want to use a Chrome extension called Focusalarm.
It asks for the permission "Read your browsing history", which the author tells me it needs to find out which tabs are open.
Can I block it from sending this data across the internet?
I have a chrome extension which allows the user to perform actions and build up data. How can I get my chrome extension to open a new tab to allow my user to interact with the data they've accumulated? I could build a separate web app service where I pass the users data to. I currently persist the users data in local storage but I want a way for them to view/edit that data.
Not sure what exactly to google to get a chrome extensions to launch a new page under it's url...
Edit:
Ideally I'd like for my user to press a button from the popup.html popup to open up the new tab, if possible.
I got it to work, basically from the popup.html page I can make this javascript call,
chrome.tabs.create({url: chrome.extension.getURL('dashboard.html')})
where 'dashboard.html' is file belonging to my chrome extension.
I have managed with my extension and using ajax call in the content script to call my server and get an answer back. But in the console I get a message like:
The page at https://www.injectedpage.com displayed insecure content from http://www.mywebsite.com/Script.asp
Is there something I can do to prevent this message appear?
One more question please.
If I distribute the .crx to other people, can they see my code in the .js page? I dont want them to know to which page in my server I post the data I send.
Thank you for reading me. And for your patience with me.
The first issue is due to the fact that the website you're injecting code into is https while your page is http. It's a security warning from Chrome that you can't hide.
Yes they can see your extension's complete code. You can obfuscate it but when you publish your extension you give the user the entire code.
If your extension has a popup thing from the toolbar, right click to inspect element and If it has a background page or something, you can inspect it from the extensions page (developer mode has to be checked)
To see all of the files of every extensions, a user can navigate to Chrome's extensions directory. For example, on Win7 it's
C:\Users\[username]\AppData\Local\Google\Chrome\User Data\Default\Extensions
User could also just rename your crx to zip and extract.
I am making an extension for chrome. It fetches data from webpages and emails it via local email client. I have a toolbar button which user has to click to invoke the script.
My script works for a few selected urls. I want my toolbar button to change icon based on whether the url is among our list or not. For example for site1 it should be redicon.png and for site2 it should be blueicon.png. I can change button icon using chrome.browserAction.setIcon. But the problem is that this API does not work in content script. It works fine in the background.js file but not in content.js. Kindly tell me how to achieve this.
I know using pageAction instead would do the trick but my client requirement is that the toolbar icon should change rather than appear and disappear.
What you need to read about is message passing. You are right, content scripts have limited chrome API. However, you can contact background page from content script and tell it to execute anything from chrome API for you. First, you need to create a listener on a background page that will be waiting for messages and then send a message from a content script.
I'm writing a chrome extension and I want to take a screenshot of the tab in which the extension is running. The extension url is like "chrome-extension://abcde". Everything works if I include "tabs" and "<all_urls>" in my list of permissions, but I don't really want to ask for the <all_urls> permission.
I tried adding "chrome-extension://abcde" to permissions instead of <all_urls> and I get the error "You do not have permission to use 'tabs.captureVisibleTab'. Be sure to declare in your manifest what permissions you need."
How can I solve this?
You should specify the hosts you want to be able to capture in the permissions. Now you've set it to your own Extension ID so that's why it's probably not working.
captureVisibleTab - Captures the visible area of the currently active tab in the specified window. You must have host permission for the URL displayed by the tab.
http://code.google.com/chrome/extensions/tabs.html