I have an extension that uses chrome.webRequest, chrome.browserAction etc., but my extension also need to access the file system(unsandboxed), I found that chrome.fileSystem can do this, but it's only available in Chrome apps. Since I have to choose either extension or app, so this means that I can't use chrome.webRequest and chrome.fileSystem at the same time?
I wonder why Chrome extension doesn't allow the fileSystem API, I think it will be very useful.
Short answer: security reasons.
Extensions are considered much more risky than apps. Extensions can do a lot of things that apps can't, like hook into web request or inject script into pages, for example. Apps are kind of sealed via CSP and their run time model is much more isolated.
For this reason APIs which are considered risky - and fileSystem is probably the most risky API we have - are by default not made available in extensions.
Having said that there is ongoing discussion about how we can make more APIs available to extensions.
Related
Yet there are tools to make one addon for all major browsers at once,
see: crossrider, kangoextensions and http://besttoolbars.net/products/addon_framework
With greasemonkey and a converter to a full firefox addon,
i already made an addon, that does the following three simple things:
check http status of external links with wiki.greasespot.net/GM_xmlhttpRequest,
(which won't work out with javascript alone as of cross-site-scriting policy.)
manipulate the current page/dom through some regex
inject an additional hosted javascript for automatic updates
but is there any "cross-browser addon maker" capable of the 3 things above?
(especially http to external links like GM_xmlhttpRequest)
and open source, free or at least free of their branding in the addons made with it?
or else what is the easierst way from my greasemonkey script to full addons for also
chrome,[opera,internet explorer,safari(or more)].
(i imagine this alone could be a few kb of code to match the requirnments above and doesnt need to be a complex service like crossrider?)
Thanks!=)
I think you can achieve your goals using the Crossrider platform, writing code once in JavaScript that works on all supported platforms. For your specific goals, you can use the appAPI.request API for your HTTP requests and jQuery/JS DOM to manipulate the page content.
Regarding branding, the Crossrider platform enables you to customize the extension using your own image, specify your own post-installation landing page (Thank You page), and either host a seamless installer widget on your site OR host a Windows installer file, and hence an end user does not see any Crossrider branding at all.
Finally, regarding monetization, we have a strict policy of only monetizing extensions with the mutual consent of the extension developer.
I hope this clarifies your concerns, but please feel free to ask any further questions either on this thread or by contacting our support (support#crossrider.com).
Disclaimer: I am a Crossrider employee
I am aware that both these apis are used to inject Javascript into the webpage. Is there any difference between loadSubScript and loadFrameScript in Firefox extension development? In which situation would you use them?
I assume that you are asking about mozIJSSubscriptLoader.loadSubScript() and nsIChromeFrameMessageManager.loadFrameScript(). These are two entirely different mechanisms with the only similarity being that both can load and execute code.
mozIJSSubscriptLoader isn't meant to load code into web pages - its primary goal is to load parts of your extension dynamically. This is a very old mechanism that even predates JavaScript code modules.
The goal of loadFrameScript() is to load content scripts however, originally introduced to support multi-process setups (e10s project). It will load scripts that will run with the privileges of the web page in the context of the web page. No direct interaction with the code that loaded it is possible, only messaging.
Most extensions don't have any reason to use loadFrameScript. It's target is remote debugging.
Is it possible for a chrome extension to sync files and directories between a USB drive and the main HDD?
This might be useful for example for easy downloading of photos from a digital camera.
To implement this feature, one will need two main parts:
read-write access to the local hard drive
read-write access to the USB drive
#1 is covered by the HTML5 filesystem APIs (see here for example).
#2 is the problematic part, as I don't know of any available mechanism that allows that.
It might be possible to somehow utilize the USB experimental api to implement a mass-storage device protocol.
However, my knowledge in USB protocols is too limited to know whether this is actually possible or what it may involve.
Thanks
One possible solution (though it's a Big Hammer) is to use a Native Host - basically, a separate program that has full OS APIs, and to which your extension talks.
Cons include the fact that the native host cannot be bundled with the extension in the Web Store, unlike NPAPI plugins (which are no longer an option).
chrome.usb and chrome.fileSystem APIs mentioned in another answer are not available for Chrome extensions, only apps.
In my web page, I have to start a desktop application on the client's computer if it's installed. Any idea how I can do this?
If the application is MS Office or Adobe Reader, I know how to start them, but the application I want to start is a custom application. You can not find it on the internet.
How can I open the application?
Basically it's not possible to achieve unless an application registers a protocol that will trigger it. If it does that all you need to do is to provide a link using this protocol
yourcustomapp://some.parameters
Another way the 3rd party app can integrate with the browser is if it hooks to it as a plugin. This is how flash apps work etc.
If the app you are trying to launch does not support something like that it's going to be close to impossible to achieve what you want.
The browser sandbox prohibits you from executing local resources, for good reason - to thwart a website destroying your box with malicious code. I've been researching the same functionality.
The only solution I've found is to build an extension in Mozilla Firefox which can launch your app. Extensions live outside the sandbox so they can execute local resources. See this page for how to do that. You may be able to do it cross-browser using crossrider, though I haven't had success with that yet.
You could alternatively build a thick client populated from a web service, and launched from the browser through an extension as mentioned above. This is what I'm doing to get around the sandbox. I'm using local XUL for this.
See my question for additional discussion.
First off - you can't do it using javascript in any sort of a portable mechanism.
If the application is ms office or adobe reader,I know how to startup them
No you don't - you know how to send a document, which the browser associates with these applications and invokes them supplying the name of the local copy of the response. You can't just start the programs.
You just need to do the same for your app - invent a new mime type (the major type would be 'application' and by convention, non-standard minor types are prefixed with 'x-', so you might use application/x-hguser) then associate that mimetype with the relevant program browser side.
i.e: You need to explicitly configure each browser
I already encouter that problem in some complex production environnements.
I do the trick using the following code :
function launch(p_app_path)
{
var oShell = new ActiveXObject("WScript.Shell");
oShell.Run('"' + p_app_path + '"', 1);
}
In IE options > Security > Customize the level > ActiveX controls and plugins > Initialization and script ActiveX controls not marked as safe for scripting, set the value to Ask or Active.
It isn't a security problem when your website is enclosed into a specific security context.
And as they say, it's not worth it to build a gas plant.
JavaScript alone can't do this. (No, not even with MS Office or Adobe Reader.) Thankfully.
There are a number of old ways, including using ActiveX, which may work for your needs. As others have pointed out while typing this, you can customize responses based on the mime type or the protocol, etc.
Any way you look at it, you're going to need control over the end users' browser. If you're in a close environment where you can dictate policy (users must use a specific browser, with a specific configuration), then you're going to need to do that. For an open environment with no control over the end users, you're out of luck.
I'm actually having a lot of success right now with SiteFusion. It's a PHP client/server application framework that serves out XUL/JavaScript applications from a server deamon running in Apache. You access applications from a very thin client in XULRunner, or potentially off a web page using extensions. Clients can execute on any platform, and they're outside of the browser sandbox so you can access local resources such as executables. It'a a fairly elegant solution, their website provides great examples and documentation, and their forum is very responsive. I actually found a minor bug in passing arguments to local executables, posted a question about the forum, and it was fixed by the chief developer in under 15 minutes. Very impressive, overall!
I have a number of users with multi-megabyte files that need to be processed before they can be uploaded. I am trying to find a way to do this without having to install any executable software on their machines.
If every machine shipped with, say, Python it would be easy. I could have a Python script do everything. The only scripting language I can think of that's on every machine is JavaScript. However I know there are security restrictions that prevent reading and writing local files from web browsers.
Is there any way to use this extremely pervasive scripting language for general purpose computing tasks?
EDIT: To clarify the requirements, this needs to be a cross platform, cross browser solution. I believe that HTA is an Internet Explorer only technology (or that the Firefox equivalent is broken).
Would Google Gears work here? Yes, users have to install something, but I think the experience is fairly frictionless. And once it's installed, no more worries.
The application that I maintain and develop for work is an HTML Application or HTA, linked with a SQL Server 2005 backend. This allows various security restrictions to be "avoided". All the client-side components in the application are done with javascript, including writing files to locally mapped network drives and loading data into screens/pages in an AJAXy way.
Perhaps HTA could be helpful for your situation.
For an example of javascript accessing a local file, you might try taking a look at the source of TiddlyWiki, specifically the saveFile, mozillaSaveFile, and ieSaveFile functions. Just click the download link, open the html file it sends you, and search for those functions.
Of course, tiddlywiki is supposed to be used as a local file, not served over the web, so the methods it uses may only work locally.. But it might be a start.
Why not use a flash uploader? http://swfupload.org/
Adobe Flex 4 lets you to open and process a file on a local machine:
http://livedocs.adobe.com/flex/3/langref/flash/net/FileReference.html#load()
It's not exactly JavaScript, but hope that helps.
I believe you can accomplish this using the HTML5 File API.
It is supported in Opera, IE, Safari, Firefox, and Chrome.
you can use fs module from nodeJS to manipulate with filesystem nowadays!