简体繁体 English

加密Chrome扩展程序？

[英]Encrypt Chrome-extension?

原文 2010-12-13 05:47:07 0 4 javascript/ google-chrome/ google-chrome-extension

无论如何加密Chrome扩展程序不暴露源代码？

4 个解决方案

you can hide your code using obfuscator. 您可以使用混淆器隐藏代码。 there are lots of available in market. 市场上有很多可供选择的。

there are few tools like Google Closure compiler, and lots of online javascript ofuscators are available in market. Google Closure编译器等工具很少，市场上有很多在线javascript ofuscators。 you can use any. 你可以使用任何。 but it doesn't guarantee the confidentialness of the code. 但它不保证代码的保密性。 anyone expert with javascript can de-obfuscate that code. 任何使用javascript的专家都可以对该代码进行去混淆。

Here are two methods: 1. make your functionality available via web services. 以下是两种方法：1。通过Web服务提供您的功能。 so important code reside on server and extension will communicate with the server and will process the output from server. 如此重要的代码驻留在服务器上，扩展将与服务器通信，并将处理来自服务器的输出。 2. use NPAPI but its not a good method. 2.使用NPAPI，但这不是一个好方法。

As per me a good strategy is to try to give a good extensions to user. 按照我的说法，一个好的策略是尝试为用户提供良好的扩展。 if there is already something awesome in market no body will try to copy your addon. 如果市场上已经有一些很棒的东西，没有人会试图复制你的插件。 try to be ahead of your competitors. 努力超越竞争对手。

EDIT: NPAPI is deprecated. 编辑：NPAPI已被弃用。

as you can read here you can't. 你可以在这里看到你不能。 you can make your code hard to read and understand, but thats all. 你可以让你的代码难以阅读和理解，但这就是全部。

(that other question is about hiding the javascript-code in an html-page, but thats mostly the same (as far as i know, chrome-extension are just written in js/css/html, please correct me if i'm wrong)) （另一个问题是关于将havascript代码隐藏在html页面中，但这大致相同（据我所知，chrome-extension只是用js / css / html写的，如果我错了请纠正我）））

leave important code logic on your server (webservices help) 在服务器上留下重要的代码逻辑（webservices帮助）
inject sensitive html and js into iframes(the creation of this html can be done dynamically) 将敏感的html和js注入iframe（这个html的创建可以动态完成）

But I guess it all boils down to the architecture of your code 但我想这一切都归结为代码的架构

With manifest v2 obfuscators are harder to used because eval is considered unsafe security reasons. 使用清单v2，混淆器更难使用，因为eval被认为是不安全的安全原因。

Perhaps one of the biggest changes in the new manifest v2 scheme is that extensions can no longer use dynamic script evaluation techniques like eval() or new Function(), or pass strings of JS code to functions that will cause an eval() to be used, like setTimeout(). 也许新的清单v2方案中最大的变化之一是扩展不能再使用动态脚本评估技术，如eval（）或new Function（），或者将JS代码串传递给将导致eval（）的函数像setTimeout（）一样使用。 In addition, certain commonly used JavaScript libraries, such as Google Maps and certain templating libraries, are known to use some of these techniques. 此外，已知某些常用的JavaScript库（例如Google Maps和某些模板库）会使用其中一些技术。

Source https://developer.chrome.com/extensions/tut_migration_to_manifest_v2#using 来源https://developer.chrome.com/extensions/tut_migration_to_manifest_v2#using

I recommend just minifying the code. 我建议只需缩小代码。 The way minifiers work (given they do not all work completely the same) is they remove every space a change your variable names to single letters to reduce characters. minifiers的工作方式（假设它们并非完全相同）是删除每个空格，将变量名称更改为单个字母以减少字符。 This removes a lot of the meaning from your code and makes ut very hard to read. 这从代码中删除了很多含义，并且很难阅读。 It is not full proof, but it will at add an extra very tedious step to read your code. 它不是完整的证明，但它会增加一个非常繁琐的步骤来阅读您的代码。 On top of that minifiers were designed for compression and to make your code run faster. 最重要的是，minifiers被设计用于压缩并使您的代码运行得更快。 My favorite minifier is UglifyJS . 我最喜欢的缩放器是UglifyJS 。