使用Chrome打包的应用程序将文件保存到文件系统 [英] Save a file to filesystem with chrome packaged app

问题描述

我有一个完整的CSS属性变量，我想用它来创建一个CSS文件并将其保存到应用程序文件目录中。我怎么会在一个Chrome打包的应用程序中去解决这个问题？

你不会喜欢这个答案。你无法做到这一点，如果你找到了解决办法，那么Chrome团队将会关闭它。

打包应用程序的设计目标是让整个应用程序在上传到网上商店时进行静态分析。这意味着，当用户决定是否从商店安装应用程序时，该决定基于代码的实际作用（它包含这些脚本，此CSS和这些图像，并要求获得这些权限），而是而不是您是否信任开发人员或网站。 www.example.com今天可能看起来值得信赖，但明天它可能会出售给新的所有者，或者受到损害。所以决定我信任example.com吗？很难。打包应用程序使决策更容易;在大多数情况下，您所信任的事物就在您​​的面前，在您刚刚下载的CRX中。

如果您了解这个设计目标，那么你就明白为什么打包应用程序的设计不允许自修改代码（这是你想要做的通用术语）。如果你的代码可以生成代码，那么静态分析就很难确定应用程序可以做什么（有意或者是通过bug）。同样，内容安全策略对打包的应用程序也相当严格，不能设置为限制较少的策略，这就是为什么eval（）在脚本中不起作用。

你的JavaScript不能设置DOM元素的样式属性有什么原因吗？这应该给你灵活性，而不会跑到平台安全模型的边界。

编辑：刚刚看到你的其他问题，这看起来与此非常相似。你在建立一个CSS编辑器吗？还是你想修改你自己的应用程序的CSS？我上面的答案假设了第二种情况。如果我误解了你的问题，然后澄清，我会尝试改进答案。

I have a variable full of css attributes that I would like to use to create a CSS file and save it to the apps file directory. How would I go about this in a chrome packaged app?

解决方案

You're not going to like this answer. You can't do this, and if you figured out a way to do it, it would be considered a security hole that the Chrome team would close.

Part of the design goals of packaged apps is to make the entire application statically analyzable at the time it's uploaded to the web store. This means that when a user is making the decision whether to install the app from the store, that decision is based on what the code actually does (it contains these scripts, this CSS, and these images, and it asks for these permissions) rather than on whether you trust the developer or the website. www.example.com might look trustworthy today, but tomorrow it might be sold to a new owner, or compromised. So the decision "do I trust example.com?" is hard. Packaged apps make that decision easier; in most cases, the "thing" you're trusting is right there, right in front of you, in the CRX you just downloaded.

If you understand this design goal, then you understand why the design of packaged apps doesn't allow for self-modifying code (which is the generic term for what you want to do). If your code could generate code, then it becomes significantly harder for static analysis to determine what the app could do (either intentionally or through bugs). Along the same lines, Content Security Policy is fairly strict for packaged apps and can't be set to a less restrictive policy, which is why eval() won't work in script.

Is there a reason why your JavaScript can't set your DOM elements' style properties? That ought to give you the flexibility you want without running up against the boundaries of the platform's security model.

Edit: just saw your other question, which seems very similar to this one. Are you building a CSS editor? Or are you trying to modify your own app's CSS? My answer above assumed the second case. If I've misunderstood your question, then clarify and I'll attempt to improve the answer.

这篇关于使用Chrome打包的应用程序将文件保存到文件系统的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！