How protect chrome extension

前端 未结 4 670
忘了有多久
忘了有多久 2021-02-02 02:32

Chrome extension is packed to zip archive. After setup it is installed on folder and user can access to it. Also he can rewrite extension and even clone to new extension.

<
相关标签:
4条回答
  • 2021-02-02 03:02

    The premise seems to be simple. By default browser interprets HTML/Javascript, so are the chrome extensions which run along with the page.

    One way is to obfuscate your javascript code , or rely on NPAPI compiled-binary plugins, or use NaCL

    Obfuscating the code might no longer be a solution after Chrome forbade obfuscating extensions: https://stackoverflow.com/a/49509913

    0 讨论(0)
  • 2021-02-02 03:12

    I'm using Gulp plugin for JavaScript obfuscation. It doesn't break extension's code.

    0 讨论(0)
  • 2021-02-02 03:15

    Currently there is no way you can hide your Chrome extension source code from users or competitors.

    There is a statement in Chrome web store faq:

    Can I sell extensions in the store? Not yet, but this functionality is coming soon.

    You may wait for this feature or try the following alternatives:

    • Obfuscate your Javascript source: Check this for more details How can I obfuscate (protect) JavaScript?

    • Keep your key logic on a remote server and make Ajax calls from the background script to communicate to the server

    Chrome extensions are free from 'same origin policy' if cross-origin permission is defined in the manifest:

    Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.

    Define the following in your manifest:

    {
        "name": "your extension",
        ...
        "permissions": [
            "http://www.yourserver.com/"
        ],
        ...
    }
    
    0 讨论(0)
  • 2021-02-02 03:29

    In case you have some proprietary code (e.g. special algo you want to keep safe etc') and you are targeting Chrome - I would suggest to go with Native Client. Nacl let you run C/C++ code in your browser. It's very powerful and you can be sure it will be very hard for someone to pick into your binary.

    0 讨论(0)
提交回复
热议问题