如何正确处理来自内容脚本的Chrome扩展更新 [英] How to properly handle chrome extension updates from content scripts
问题描述
在后台页面中,我们可以使用 chrome.runtime.onInstalled.addListener 检测扩展更新。
但扩展名更新后,所有内容脚本都无法连接到后台页面。我们得到一个错误:连接到扩展名的错误....
可以重新插入内容脚本使用 chrome.tabs.executeScript ...但是如果我们有一个敏感数据应该在更新之前保存并在更新之后使用呢?我们能做什么?
另外,如果我们重新注入所有内容脚本,我们应该正确拆卸以前的内容脚本。
什么是适当的方式来处理来自内容脚本的扩展更新而不会丢失用户数据?
一旦Chrome扩展程序更新发生,完全切断了孤立内容脚本。它仍然可以通信的唯一方式是通过共享DOM。如果您正在讨论 敏感数据,则该页面不安全。稍后再说。
首先,您可以延迟更新。在后台脚本中,为 chrome.runtime.onUpdateAvailable 事件添加处理程序。只要听众在那里,您就有机会进行清理。
//后台脚本
chrome。 runtime.onUpdateAvailable.addListener(function(details){
//做你的工作,完成时调用回调
syncRemainingData(function(){
chrome.runtime.reload();
});
});
其次,假设最坏的情况发生,关闭。您仍然可以使用DOM事件进行通信:
//内容脚本
//准备好数据
window.addEventListener(SendRemainingData,function(evt){
processData(evt.detail);
},false);
//请求数据
var event = new CustomEvent(RequestRemainingData);
window.dispatchEvent(event);
//如果稍后要求,准备发送数据
window.addEventListener(RequestRemainingData,function(evt){
var event = new CustomEvent(SendRemainingData,{ detail:data});
window.dispatchEvent(event);
},false);
然而,这个通讯频道可能被窃听主机页面。如前所述,窃听不是您可以绕过的。
然而,您可以拥有一些带外预共享数据。假设您在第一次安装时生成一个随机密钥并将其保存在 chrome.storage 中 - 网页无法通过任何方式访问此密钥。当然,一旦孤儿你不能读它,但你可以在注射的时刻。
var PSK;
chrome.storage.local.get(preSharedKey,function(data){
PSK = data.preSharedKey;
// ...
window.addEventListener(SendRemainingData,function(evt){
processData(decrypt(evt.detail,PSK));
},false);
// ...
window.addEventListener(RequestRemainingData,function(evt){
var event = new CustomEvent(SendRemainingData,{detail:encrypt(data,PSK)});
window.dispatchEvent(event);
},false);
});
这当然是概念证明代码。我怀疑你需要的不止是 onUpdateAvailable 监听器。
In background page we're able to detect extension updates using chrome.runtime.onInstalled.addListener.
But after extension has been updated all content scripts can't connect to the background page. And we get an error: Error connecting to extension ....
It's possible to re-inject content scripts using chrome.tabs.executeScript... But what if we have a sensitive data that should be saved before an update and used after update? What could we do?
Also if we re-inject all content scripts we should properly tear down previous content scripts.
What is the proper way to handle extension updates from content scripts without losing the user data?
Once Chrome extension update happens, the "orphaned" content script is cut off from the extension completely. The only way it can still communicate is through shared DOM. If you're talking about really sensitive data, this is not secure from the page. More on that later.
First off, you can delay an update. In your background script, add a handler for the chrome.runtime.onUpdateAvailable event. As long as the listener is there, you have a chance to do cleanup.
// Background script
chrome.runtime.onUpdateAvailable.addListener(function(details) {
// Do your work, call the callback when done
syncRemainingData(function() {
chrome.runtime.reload();
});
});
Second, suppose the worst happens and you are cut off. You can still communicate using DOM events:
// Content script
// Get ready for data
window.addEventListener("SendRemainingData", function(evt) {
processData(evt.detail);
}, false);
// Request data
var event = new CustomEvent("RequestRemainingData");
window.dispatchEvent(event);
// Be ready to send data if asked later
window.addEventListener("RequestRemainingData", function(evt) {
var event = new CustomEvent("SendRemainingData", {detail: data});
window.dispatchEvent(event);
}, false);
However, this communication channel is potentially eavesdropped on by the host page. And, as said previously, that eavesdropping is not something you can bypass.
Yet, you can have some out-of-band pre-shared data. Suppose that you generate a random key on first install and keep it in chrome.storage - this is not accessible by web pages by any means. Of course, once orphaned you can't read it, but you can at the moment of injection.
var PSK;
chrome.storage.local.get("preSharedKey", function(data) {
PSK = data.preSharedKey;
// ...
window.addEventListener("SendRemainingData", function(evt) {
processData(decrypt(evt.detail, PSK));
}, false);
// ...
window.addEventListener("RequestRemainingData", function(evt) {
var event = new CustomEvent("SendRemainingData", {detail: encrypt(data, PSK)});
window.dispatchEvent(event);
}, false);
});
This is of course proof-of-concept code. I doubt that you will need more than an onUpdateAvailable listener.
这篇关于如何正确处理来自内容脚本的Chrome扩展更新的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
