问题
Chrome extension documentation explicitly states that storage.sync data is not encrypted: "Confidential user information should not be stored! The storage area isn't encrypted."
What is the recommended method to: 1) Save persistent data securely (ie, no loss from restarting browser or logging into Chrome on a different device) 2) Without transferring anything to my server (unnecessary in my case and want to give user full data control)
回答1:
You can't - that's the thing.
Google Chrome docs warns about all the ways of storing data using extensions are insecure. Basically, all the data sources may be compromised: localStorage, Cookies, WebSql, Chrome.storage. So the only way you can store data securely without extension user to be able to reach it is to send it over to secure server. You can use Ajax, XMLHttpRequest in pure JS to make it happen.
P.S. I assume Google has restricted this possibility on purpose. Keep in mind, that all of your content scripts are working in isolated worlds. This is all indicates that Google wanted to make sure the extension are transparent for user and will not hide anything or bring damage to one's experience.
来源:https://stackoverflow.com/questions/61481710/how-do-i-store-chrome-extension-data-securely