堆栈内存溢出
  简体   繁体   English

从选项页面更新Chrome扩展清单权限

[英]Update chrome extension manifest permissions from options page

 原文  2016-05-17 15:07:56       javascript/ google-chrome/ google-chrome-extension

问题描述

I am trying to update the permissions in the chrome extension manifest file from the options page. 我正在尝试从选项页面更新chrome扩展清单文件中的权限。 Basically the user should be able to input the url for the extension to run on and that url will update in the extensions manifest file. 基本上,用户应该能够输入要运行的扩展的URL,并且该URL将在扩展清单文件中更新。 I am currently storing all my options using chrome.storage.sync for use in multiple files. 我目前正在使用chrome.storage.sync存储我的所有选项,以便在多个文件中使用。 I am looking for a secure solution to give only the chosen url access. 我正在寻找一个安全的解决方案,只给出选择的URL访问权限。 Any suggestions? 有什么建议么?

1 个解决方案

解决方案1
 1  2016-05-17 16:23:11

That's not possible (to update the manifest). 这是不可能的(更新清单)。

However, the particular use case you explain is: 但是,您解释的特定用例是:

  1. Have a list of "allowed" websites. 有一个“允许”网站列表。
  2. When the extension is invoked by pressing the button, if the website is allowed - inject a content script that does something. 当按下按钮调用扩展时,如果允许网站 - 注入执行某些操作的内容脚本。

In this case "activeTab" permission and Programmatic Injection should solve your problem. 在这种情况下, "activeTab"权限Programmatic Injection应该可以解决您的问题。

  • You do not declare any content scripts in the manifest. 您不在清单中声明任何内容脚本。 This ensures code runs only when you want to. 这可确保代码仅在您需要时运行。
  • You do not declare any host permissions in the manifest. 您不在清单中声明任何主机权限。 Your extension will ONLY work on the current tab at the moment of Browser Action press. 您的扩展程序仅在浏览器操作按下时才会在当前选项卡上运行。
  • You ask the user for allowed URLs and store them in chrome.storage . 您向用户询问允许的URL并将其存储在chrome.storage
  • When your extension is invoked using the Browser Action, you can query the currently active tab and you will get its URL (because of the "activeTab" permission). 使用“浏览器操作”调用扩展时,可以查询当前活动的选项卡,并获取其URL(由于"activeTab"权限)。
    • Your logic then compares it to stored whitelisted URLs. 然后,您的逻辑会将其与存储的白名单URL进行比较。
    • If there's a match - you use chrome.tabs.executeScript to inject your content script. 如果匹配 - 您使用chrome.tabs.executeScript注入您的内容脚本。
    • If there's no match - do nothing, or somehow ask user to confirm whitelisting the new domain. 如果没有匹配 - 什么都不做,或以某种方式要求用户确认将新域列入白名单。

Here's some sample code: 这是一些示例代码: 

chrome.tabs.query({active: true, currentWindow: true}, function(tabs) {
  var currentTab = tabs[0];
  // Pseudocode
  if (whitelisted(currentTab.url)) {
    chrome.tabs.executeScript(currentTab.id, {file: "content.js"});
  } else {
    // Do nothing or show some warning
  }
});

Alternatively, you can look at Optional Permissions API . 或者,您可以查看Optional Permissions API

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Chrome Extension Manifest权限 - Chrome Extension Manifest permissions 如何从Chrome扩展程序的选项页面启用/禁用manifest.json CSS内容脚本? - How to enable/disable manifest.json CSS content script from Chrome Extension's options page? Chrome扩展程序中的localStorage / options页面? - localStorage/options page in Chrome Extension? 更新Chrome扩展程序:清单2和安全策略 - update a chrome extension: manifest 2 and security policy Chrome扩展程序与背景页面不使用清单版本2 - Chrome Extension With Background Page Not Working With Manifest Version 2 Chrome 扩展清单 CSP 在公共页面上被忽略 - Chrome extension manifest CSP ignored on public page 从Chrome扩展程序“options_ui”页面显示提醒 - Show alert from Chrome Extension “options_ui” page 从选项页面中调用Chrome扩展方法? - Call Chrome-Extension Method from within options page? 将选项页面中的设置交换为Chrome扩展程序中的内容脚本 - Exchanging Settings from Options Page to Content-Script in Chrome Extension chrome.extension.getViews()和Extension Options页面 - chrome.extension.getViews() and Extension Options page
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM