I'm creating a Chrome extension which requires the user to insert the local path of a file to access it, which is then saved to storage and retrieved when the user reopens the extension to prevent them from having to re-insert the file path to access it.
I'm currently using Local Storage as the storage method to store these file paths, however security-wise, do you think it would be safe to do this given the low security measures that local storage has, and if not, do you think that something like 'Indexeddb' or 'chrome.storage' would be better?
Related
In the Chrome extension I am trying to write, I need to talk to a service over TLS. For this purpose, I need access to a CA cert pem file and client cert and key pem files which are on my disk.
Is any of the below possible -
The extension has file upload dialog for each of the file - where the user can 'upload' the pem files once during setup phase. The extension stores them in some kind of storage and uses them to talk to the service.
The user specifies the paths to each of the files on filesystem during setup phase and the extension reads the files from disk when needed.
I have searched on both of these alternatives. For the first one, Chrome's browser storage is not storing a file object, it also has a limit of 8KB per key where the pem contents can slightly exceed that limit. For the second approach, I don't think extensions have access to user's entire filesystem.
Any pointers on how to proceed will be really helpful!
regarding your first suggestion:
You could use the localStorage or the indexedDB of your background page to store the values of the files. They have a greater limit. Although I'm not quite sure, if this storage survives an update.
Regarding your second suggestion:
From a chrome extension, you only have access to the Download Folder of the system via the chrome downloads api. But I haven't seen a way to create a file. So your user may have to put it there himself which may be bad ux.
I personally would try the first way first.
Good luck:)
I make Windows Store apps with HTML + Javascript, WinJS type apps.
I normally use localStorage to store most information, and I know how to navigate to where that localStorage is in the file system:
C:\Users\user\AppData\Local\Packages\-package-string- is the base folder for all the info, and I drill down to \AC\Microsoft\Internet Explorer\DOMStore and the localStorage xml file is in there in one of the
Knowing this makes it easy for me to take localStorage from one persons app, download it and put it into my debugging app and investigate any problems they might have related to their localStorage.
I need the same info for IndexedDb. I use Dexie.js which uses IndexedDb and I want to be able to move the file from one persons computer onto my own to debug it if necessary.
On Windows 10 (v1803) is IndexedDB located in:
C:\Users\user\AppData\Local\Packages\--package-string--\AppData\Indexed DB
I am working with local storage techniques on a website that I'm building, so far with great success because I cant see the popup again. Where is the folder that contains the local storage and within that folder what name should I be looking for? Something specific to the name I called it in javascript?
Chrome currently stores local storage data under the path:
~/Library/Application Support/Google/Chrome/$PROFILE/Local Storage
where $PROFILE is either Default if you have not logged into a profile, or something along the lines of Profile 1 if you have.
Note that there is one file per site, not per stored value, and the files are SQLite databases. You will not be able to read their contents in a text editor.
If all you want to do is view the contents of local storage, you may want to consider instead using an extension along the lines of Storage Area Explorer.
I'm testing some of the new JS filesystem abilities, i.e. creating an empty text file in the local filesystem. I'm running the HTML & JS files from a local path (file:///). For this purpose I launched Google Chrome with the --allow-file-access-from-files flag from the CLI. The filesystem request is PERSISTENT (and works).
I have read up on different posts about the filesystem, copied and modified some of the code in the tutorials; When I launch the HTML file, my custom success/ failure messages are outputted in the console;
This is the result:
Opened file system:/ // this is the root path of the JS Filesystem.
/wtf.txt // this is the name and path of the text file I created+ it's a success
However, when I look at my directory's (both system and application root), there's no .txt file with the name I assigned to it. How can I know where Javascript really wrote this file? In what "root" (since the 'root' cannot be assigned)? What does it mean that the FileSystem is a 'sandbox'? That I cannot access the (virtual?) contents of it on my local drive, but only with JS? If this is the case, is there a way to prompt the user to save the file?
Thanks in advance for your answers
It seems you're expecting the File System API to work locally similar to an OS file system. The client doesn't work like that. In fact, and API is designed to be your interface, as a programmer, to the files and directories -- the client itself (e.g., Chrome, etc.) will handle the rest on the local level. The API is not designed by which you can create a file via the browser and easily access it via the operating system.
How can I know where Javascript really wrote this file? In what "root" (since the 'root' cannot be assigned)?
Technically speaking, each client can store locally as it chooses. So while you can go to the local file system to look for the file, something is wrong with your approach if you're attempting to do so; the File System API is not meant for that. To your question, you can assume that if there's content the client's storage area (e.g., for Chrome it's something like "C:\Users\USERNAME\AppData\Local\Google\Chrome\User Data\Default\File System\") then you can assume that the JavaScript wrote it. But again, it's not set up for user friendly browsing on the local system.
What does it mean that the FileSystem is a 'sandbox'?
Sandbox simply means an area created and set aside for a specific purpose, outside of which the client cannot see/access. See this from Mozilla: https://developer.mozilla.org/en-US/docs/WebGuide/API/File_System/Introduction#virtual
That I cannot access the (virtual?) contents of it on my local drive, but only with JS?
That is correct, and by design.
If this is the case, is there a way to prompt the user to save the file?
If I understand your question right, you're asking if there is a way to provide a specific file to the user and have it prompt them to save it locally. Well, of course if you provide a link to the file (or push it, a different discussion) then the client will prompt the user to save/store it if their platform allows them to do so. But you have no control over where they save it locally nor can you later get it it. If I've misunderstood your question, comment below and I'll follow up.
I have a webpage that I run from my local hard drive. I am using localstorage to set the user preferences and that works with Chrome but I need to use this with IE9. What is the best way to set the user preferences for this, can I set a cookie with a local file?