I am trying to write a chrome extension that initialize some parameters from a config file.
I would like to allow the extension to change those parameters and save them to the file so that the next time the extension was loaded it uses the new configuration.
I have been reading the chrome.filesystem api but it needs the interaction of the user to choose the file. However in this case the process must be done automatically without any action of the user.
Since this configuration file will be only accessed by the extension it could be sand-boxed but It must be persistent even if chrome is closed.
I manage to read the file using an XMLHttpRequest but I could not find a way to modify the file.
Is it possible to do this from a chrome extension?
This is an old question but unfortunately the only response it got was wrong.
It's definitely possible to read and write files using HTML5 in Chrome, without the vague "security" issues mentioned. The HTML5 Filesystem creates a protected sandbox in which you write and read virtual files: you can think of it as files being written in file based database managed by Chrome and not accessible by either other Chrome apps & extensions or other OS based applications. The user won't be able to copy or move these files using his OS file explorer since they reside inside the web browser's file DB.
You can't read (or write) arbitrary files from (to) disk based on any given file path.
If you need a file from disk you can only let the user select it himself by using chrome.fileSystem.chooseEntry()
You can however read (and write) your own files from (to) the HTML5 Filesystem.
So to answer your question: no you don't need user interaction to write your config file to the browser's file system.
An alternative to files could be chrome storage, localstorage or even indexedDB to store your (persisted) config key-value pairs.
Here are a couple of useful links to start reading about it:
Toying with the HTML5 filesystem
HTML5 Rocks
HTML5 demos
I imagine allowing a chrome extension to write to config files without the user knowing could be a bit of a security problem. You're probably hitting up against a security feature. A potential work around is to build a desktop application that is always on, and your chrome application communicates with it. Heck, you might able to do what you need to (without knowing all the details) with something like autohotkey.
Related
I have a Chrome extension that reads some info (small portions of text) from webpages using content scripts, then sends it to background script. Then background script must make that info available for other non-Chrome apps (in my current case it's a local Node.js app using Discord.js). And that must work silently and automatically.
After some research I've decided that the best way to share info is plain text files. Chrome saves them, Node reads them. So we come to the question in header - is there any way to just save small text files somewhere on the local drive? If it neccessarily requires a packaged app, I can create it and exchange messages with the extension, no problem.
I see no security hole here. I don't want no self-modifying code, need only one isolated place on drive where I will store files. Also, this extension is for my private use (my Discord channel automation).
Also please tell me if the whole scheme I have in mind is impossible to implement. Don't want to be stuck in the dead end.
Thank you!
Currently I'm building a local serach engine for network drives that is going to be used in our company.
The search engine is build on top of Solr and Tika. I've build an indexer that indexes Samba-shares over the network which works great and indexes all the directories that are given in a configuration file. However that is not really relevant.
The current problem we have is that the web interface that connects to Solr and delivers the search results will try to serve local file:// files that are links to the files with a absolute or Samba path. But serving file://'s are of course disallowed by browsers like Google Chrome. The error that Chrome gives is:
Not allowed to load local resource: file:///name/to/file.pdf
Which is obvious and logical, however I want to work around that issue and serve 'local' files to our users. Or at least open an Explorer window with the given path.
I was wondering if this is even possible or if there is a workaround available? The server that is going to serve these files is running on Apache or Tomcat (doesn't matter).
Alhtough opening file://'s seems pretty much impossible without the use of browser-specific plugins, I created a workaround by specifying a custom URI-handler combined with a Windows specific application that will open explorer.exe with the given directory.
This is by far not the ideal answer to my question, but I think it is a decent workaround for an intranet search application.
Streaming the file from your application to the browser is a much better idea from a usability and security perspective.
By assigning a MIME type to the stream, the user's browser can decide how best to open and display the file to the user.
By streaming from you application, control of the data can be maintained. The location of the file on you server is not revealed and proper authentication, authorization and auditing are easily achieved.
Assuming Java based upon your use of Solr and Tika:
http://www.java-forums.org/blogs/servlet/668-how-write-servlet-sends-file-user-download.html
Is it possible to retrieve the computer name when developing a Chrome Extension, for example "Jenny-PC"?
At first glance I did not find the API, but maybe I missed something.
If you are quite the daredevil, you could try to extract that info from a NPAPI plugin. This is quite dangerous, as you can read more about on the chrome extension site
No directly, for security reasons extensions can't access OS services.
But, hacker way, you may find some odd way to get what you're looking for.
If your extension has file:// permission, it can read system configuration files.
If you can get the user drop some file containing the name you want on some receiver in your extension's page, you can read it with HTML5 FileReader object.
If you can get the user download and execute some script you wrote (for example a .bat in Windows), it can grab that name and send to the extensions in various ways:
- writing it in a file the extension can read
- executing something like
"c:\chrome install folder\chrome.exe" chrome://extensions/yourextensionkey/receiver.html?name=thenameyourellokingfor
About file:// permission
Chrome Web Store doesn't allow uploading nor publishing extensions with such permission. But the extension works if you install it as a developer, or as .crx .
I'm not sure, but I think you can upload it to Chrome web store modifying it, in order to ask for permission.
We have a custom web app in our intranet that allow users to browse and search our shared file system in a way more appropriate for our organization. as compared to windows explorer/mac finder. However, when the users click on, for example, a link pointing to a word document the document is downloaded by the browser and then opened. I am trying to provide a better way, namely that the file is opened directly from the shared folder that each user has mapped in his own computer. This will make things faster and will not pollute the browser download folder.
I was planning to create a chrome or firefox extension that recognizes certain css class attached to a link, remaps the link to the shared file system and and launch an external process. Any idea how to achieve this? Is there a better solution?
If you want the URL to be handled by a custom program you could create special URLs using a custom Protocol (ex: MyApp:// instead of http://) and then register that protocol to be opened via a custom program. The links would only work on computers that have your program installed and where the protocol has been registered to be handled by your application.
I am thinking about having the following use-case:
User installs application on local machine.
User goes to our website, and are presented with many links (choices).
User clicks on a link.
Application starts, with some information contained within the link passed to the application.
Step 4 is obviously a security minefield. The end goal is that the user makes a choice, and if the application is installed, it starts with some information passed to it (ie command line parameters, or perhaps a temp file somewhere on the user's machine)
Can I/ Should I access the registry from javascript? Are there any ideas about how I might go about this? Do you have an alternative suggestion?
Assuming the applications the user installs are also developed by you.
Register a file extension for use by the specific application - then your web links can be links to a file that is downloaded and auto-run by your app. The file could contain details on the defaults for your app to use.
Sort of like how clicking on a .pdf file opens your pdf reader.
As an alternative to the file-extension solution you may want to know about Custom Application Protocol feature. Link is for Windows but there are nearly same techniques on other systems. I can't say if this approach works in every browser but you may want to try it out.
Accessing the registry from JavaScript inside a browser is nigh on impossible for the security implications. To access the registry from the web, I'd imagine you'd have to use a binary (C++ or others) program that can read the registry, but also has an HTTP module to communicate with your server.
Sounds like you might need the Click Once deployement feature for your app. I think once it's installed over http there should be a pretty easy way to launch an executable.
http://en.wikipedia.org/wiki/ClickOnce