Add off-store builds with external parser scripts loading#2808
Draft
kuwoyuki wants to merge 3 commits into
Draft
Add off-store builds with external parser scripts loading#2808kuwoyuki wants to merge 3 commits into
kuwoyuki wants to merge 3 commits into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a draft of an off-store build variant that can load full parser scripts from remote repos at runtime. I tried to leave the store build untouched.
The motivation is this PR #2225. MV3 can't load remote code per Chrome Web Store policy. But some sites need complex decryption, login sessions, Cloudflare cookie handling, etc.
Off-store build (MV2 with unsafe-eval CSP) evals external scripts directly in the popup context so they have the full context.
npm run buildnow produces 4 zips: 2 store (unchanged) + 2 off-store (Chrome MV2 + Firefox MV2, both with unsafe-eval CSP)ExternalScriptLoader.jsthat fetches anindex.jsonfrom configured repo URLs, then fetches and evals each listed parser scriptparserFactory.register()as bundled parsers so a script can be bundled or external with no changeschrome.storage.localwith optional auto-updateThis will not work in MV3 (thanks Google) CSP blocks
eval(). Sandboxed iframes can eval but are isolated from extension APIs, cookies, and login sessions, so that's useless for this ext.