Well, for one an abusive extension could remove the UI in the Gallery that
allows the user to report the extension as abusive. That alone would be a
pretty big problem.

On Wed, Dec 2, 2009 at 10:53, Claudio Benvenuti <[email protected]> wrote:

> Ok, I'll do that.
> But.. why is the Extension Gallery going to be more vulnerable than
> any other web sites?
> Are you talking about XSS and stuff like that?
> From what I understand the content script is executed in an "isolated
> world", so what am I missing?
> I'm asking just to understand :)
>
> thanks again
>
> Claudio
>
>
>
>
> On Dec 2, 7:32 pm, Finnur Thorarinsson <[email protected]> wrote:
> > Yeah, it would be great to not have to worry about the security of running
> > content scripts on the Gallery, but that's the world we live in.
> >
> > If you are concerned about users uninstalling the extension because of this,
> > then maybe you should note in the description for the extension that the
> > Extension needs to be tested on pages not in the Extension Gallery.
> >
> > On Wed, Dec 2, 2009 at 10:27, Claudio Benvenuti <[email protected]> wrote:
> > > Ok, thank you very much, now it's clear!!!
> > > Thank you also for your precious advice about the permission on file://...
> > > already removed from my manifest :)
> >
> > > I'm a bit concerned about content_scripts not running on the Chrome
> > > Extension Gallery.
> > > I think that the first action a user will do once he installs a new
> > > extension from the Chrome Extension Gallery is going to be... try
> > > the new extension... but, if the extension uses content_script, it's not
> > > going to work... probably the next step will be... "Uninstall"
> > > At least... that's what I did with my own Extension :)
> >
> > > Sorry for my English and for my comment, if misplaced.
> > > Thank you again
> >
> > > Claudio
> >
> > > On Dec 2, 6:57 pm, Finnur Thorarinsson <[email protected]> wrote:
> > > > Yes, for security reasons we don't support running content scripts on the
> > > > Chrome Extension Gallery.
> >
> > > > As for mail.google.com, it works for me, although I'm on Windows.
> >
> > > > Oh, and as a side note, if your manifest includes running content_scripts
> > > > on file://, then the users of your extension are going to have a very scary
> > > > looking security warning when they try to install your extension. I
> > > > recommend not having your content script run on file:// unless you
> > > > absolutely need to.
> >
> > > > -F
> >
> > > > > On Wed, Dec 2, 2009 at 08:46, Claudio Benvenuti <[email protected]> wrote:
> > > > > > Hello Everybody,
> > > > > > I'm developing an extension that makes use of a content script.
> > > > > > In manifest.json I have:
> >
> > > > > "content_scripts": [
> > > > >        {
> > > > > >                "matches": ["http://*/*", "https://*/*", "file:///*"],
> > > > >                "js": ["source.js"]
> > > > >        }
> > > > >  ],
> >
> > > > > > but in some pages, like https://mail.google.com/mail/, or like my
> > > > > > chrome extension dashboard
> > > > > > (https://chrome.google.com/extensions/developer/dashboard), my content
> > > > > > script is not injected in the page, so my extension is not working.
> > > > > I checked this using the Developer Tools.
> >
> > > > > > I'm using Chromium 4.0.260.0 under Linux.
> > > > > Is anyone experiencing this problem?
> > > > > Am I missing something?
> >
> > > > > Thanks everybody
> > > > > Claudio
> >
> > > > > --
> >
> > > > > You received this message because you are subscribed to the Google
> > > Groups
> > > > > "Chromium-extensions" group.
> > > > > To post to this group, send email to
> > > [email protected].
> > > > > To unsubscribe from this group, send email to
> > > > > [email protected]<chromium-extensions%[email protected]><chromium-extensions%2Bunsu
> [email protected]><chromium-extensions%2Bunsu
> > > [email protected]>
> > > > > .
> > > > > For more options, visit this group at
> > > > >http://groups.google.com/group/chromium-extensions?hl=en.
> >
> > > --
> >
> > > You received this message because you are subscribed to the Google
> Groups
> > > "Chromium-extensions" group.
> > > To post to this group, send email to
> [email protected].
> > > To unsubscribe from this group, send email to
> > > [email protected]<chromium-extensions%[email protected]><chromium-extensions%2Bunsu
> [email protected]>
> > > .
> > > For more options, visit this group at
> > >http://groups.google.com/group/chromium-extensions?hl=en.
>

--

You received this message because you are subscribed to the Google Groups 
"Chromium-extensions" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/chromium-extensions?hl=en.
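
The two points raised in the thread (a `file://` match pattern triggers a security warning at install time, and content scripts are not run on the Extension Gallery even when a pattern matches) can be checked before publishing. The following Node.js script is an added example, not code from the thread or from Chromium; the function names, the simplified match-pattern parser and the `GALLERY_PREFIX` value (taken from the dashboard URL quoted above) are assumptions made for illustration.

```javascript
// Added example: audit content_scripts match patterns from a manifest.
// Constructed sample input: the manifest fragment quoted in the thread.
const manifest = {
  content_scripts: [
    { matches: ["http://*/*", "https://*/*", "file:///*"], js: ["source.js"] },
  ],
};

// Assumption: Gallery pages live under this prefix (from the dashboard URL in the thread).
const GALLERY_PREFIX = "https://chrome.google.com/extensions";

// Split "scheme://host/path" into parts; null for malformed patterns.
function parsePattern(pattern) {
  const m = /^(\*|https?|file):\/\/([^/]*)(\/.*)$/.exec(pattern);
  return m ? { scheme: m[1], host: m[2], path: m[3] } : null;
}

// Convert a path glob ("*" wildcard) into an anchored RegExp.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// Does the pattern cover the URL, before any browser-side exclusion?
function patternMatches(pattern, url) {
  const p = parsePattern(pattern);
  if (!p) return false;
  const u = new URL(url);
  const scheme = u.protocol.slice(0, -1);
  const schemeOk = p.scheme === "*" ? /^https?$/.test(scheme) : p.scheme === scheme;
  const hostOk = p.host === "*" || p.host === u.hostname ||
    (p.host.startsWith("*.") &&
      (u.hostname === p.host.slice(2) || u.hostname.endsWith(p.host.slice(1))));
  return schemeOk && hostOk && globToRegExp(p.path).test(u.pathname + u.search);
}

// Report risky patterns and whether injection should be expected on a URL.
function audit(manifest, url) {
  const patterns = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  const matched = patterns.some((p) => patternMatches(p, url));
  return {
    fileAccess: patterns.filter((p) => p.startsWith("file://")),
    anyHost: patterns.filter((p) => (parsePattern(p) || {}).host === "*"),
    matched,
    expectInjection: matched && !url.startsWith(GALLERY_PREFIX),
  };
}

console.log(audit(manifest, "https://chrome.google.com/extensions/developer/dashboard"));
```

A non-empty `fileAccess` list is the case the thread recommends avoiding unless the extension really needs local file access.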

