如何正确处理来自内容脚本的 chrome 扩展更新 [英] How to properly handle chrome extension updates from content scripts
问题描述
在后台页面中,我们能够使用 chrome.runtime.onInstalled.addListener 检测扩展更新.
In background page we're able to detect extension updates using chrome.runtime.onInstalled.addListener.
但是在扩展程序更新后,所有内容脚本都无法连接到后台页面.我们得到一个错误:Error connected to extension ....
But after extension has been updated all content scripts can't connect to the background page. And we get an error: Error connecting to extension ....
可以使用 chrome.tabs.executeScript 重新注入内容脚本...但是如果我们有敏感数据应该在更新前保存并在更新后使用怎么办?我们能做什么?
It's possible to re-inject content scripts using chrome.tabs.executeScript... But what if we have a sensitive data that should be saved before an update and used after update? What could we do?
另外,如果我们重新注入所有内容脚本,我们应该正确地拆除以前的内容脚本.
Also if we re-inject all content scripts we should properly tear down previous content scripts.
在不丢失用户数据的情况下处理来自内容脚本的扩展更新的正确方法是什么?
What is the proper way to handle extension updates from content scripts without losing the user data?
推荐答案
一旦 Chrome 扩展更新发生,孤立"的内容脚本就会从扩展中完全切断.它仍然可以通信的唯一方法是通过共享 DOM.如果您谈论的是真正敏感数据,那么这在页面上是不安全的.稍后会详细介绍.
Once Chrome extension update happens, the "orphaned" content script is cut off from the extension completely. The only way it can still communicate is through shared DOM. If you're talking about really sensitive data, this is not secure from the page. More on that later.
首先,您可以延迟更新.在您的后台脚本中,为 chrome.runtime.onUpdateAvailable 事件添加一个处理程序.只要听众在,你就有机会进行清理.
First off, you can delay an update. In your background script, add a handler for the chrome.runtime.onUpdateAvailable event. As long as the listener is there, you have a chance to do cleanup.
// Background script
chrome.runtime.onUpdateAvailable.addListener(function(details) {
// Do your work, call the callback when done
syncRemainingData(function() {
chrome.runtime.reload();
});
});
<小时>
其次,假设最坏的情况发生了,你被切断了.您仍然可以使用 DOM 事件进行通信:
Second, suppose the worst happens and you are cut off. You can still communicate using DOM events:
// Content script
// Get ready for data
window.addEventListener("SendRemainingData", function(evt) {
processData(evt.detail);
}, false);
// Request data
var event = new CustomEvent("RequestRemainingData");
window.dispatchEvent(event);
// Be ready to send data if asked later
window.addEventListener("RequestRemainingData", function(evt) {
var event = new CustomEvent("SendRemainingData", {detail: data});
window.dispatchEvent(event);
}, false);
<小时>
但是,此通信渠道可能会被主机页面窃听.而且,如前所述,窃听不是您可以绕过的.
However, this communication channel is potentially eavesdropped on by the host page. And, as said previously, that eavesdropping is not something you can bypass.
但是,您可以拥有一些带外预共享数据.假设您在第一次安装时生成一个随机密钥并将其保存在 chrome.storage 中 - 网页无论如何都无法访问它.当然,一旦成为孤儿就不能阅读,但在注射的那一刻可以.
Yet, you can have some out-of-band pre-shared data. Suppose that you generate a random key on first install and keep it in chrome.storage - this is not accessible by web pages by any means. Of course, once orphaned you can't read it, but you can at the moment of injection.
var PSK;
chrome.storage.local.get("preSharedKey", function(data) {
PSK = data.preSharedKey;
// ...
window.addEventListener("SendRemainingData", function(evt) {
processData(decrypt(evt.detail, PSK));
}, false);
// ...
window.addEventListener("RequestRemainingData", function(evt) {
var event = new CustomEvent("SendRemainingData", {detail: encrypt(data, PSK)});
window.dispatchEvent(event);
}, false);
});
这当然是概念验证代码.我怀疑您需要的不仅仅是 onUpdateAvailable 侦听器.
This is of course proof-of-concept code. I doubt that you will need more than an onUpdateAvailable listener.
这篇关于如何正确处理来自内容脚本的 chrome 扩展更新的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
