Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jacksteamdev/demo-content-script-warning

Experiment to demonstrate what happens when you add a content script to a published extension.
https://github.com/jacksteamdev/demo-content-script-warning

chrome-extension chrome-web-store content-scripts experiment host-permissions

Last synced: 22 days ago
JSON representation

Experiment to demonstrate what happens when you add a content script to a published extension.

Host: GitHub
URL: https://github.com/jacksteamdev/demo-content-script-warning
Owner: jacksteamdev
License: mit
Created: 2020-10-22T14:31:51.000Z (about 4 years ago)
Default Branch: master
Last Pushed: 2023-08-03T06:12:01.000Z (over 1 year ago)
Last Synced: 2024-10-24T22:44:29.704Z (2 months ago)
Topics: chrome-extension, chrome-web-store, content-scripts, experiment, host-permissions
Language: JavaScript
Homepage:
Size: 138 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Content Script Warning Demonstration

This repo demonstrates what happens when you add a content script to an extension that is published on the Chrome Web Store.

Warnings for new content scripts or content script match patterns are not documented in Google's Chrome extension docs.

## Hypothesis

Our supposition is:

- Given that an extension is published on the Chrome Web Store
- and a user has installed that extension
- When you add a content script that matches a broader range of urls
- Then Chrome will require the user to approve these changes

We will conduct an experiment to verify this, following this method after each iteration:

## Method

1. Pack and install the extension using the Chrome extensions dashboard
2. Document the warnings

## Iterations

1. Create a simple extension with a content script with narrow host permissions
2. Broaden the content script host permissions
3. Add a second content script with host permissions for all urls

## Results

Our supposition was correct. After each update, the extension was disabled and Chrome displayed a warning with the new permissions, requiring user consent before re-enabling the extension.

### Step 1 Installation Warning

![Step 1 Warning Image](https://github.com/jacksteamdev/demo-content-script-warning/blob/master/pngs/step1.png?raw=true)

### Step 2 Update Warning for broader host permissions

![Step 2 Warning Image](https://github.com/jacksteamdev/demo-content-script-warning/blob/master/pngs/step2.png?raw=true)

### Step 3 Update Warning for new content script with all urls

![Step 3 Warning Image](https://github.com/jacksteamdev/demo-content-script-warning/blob/master/pngs/step3.png?raw=true)