我在***上看到了一个安全视频，我现在没有链接了，但是我认为这是DefCon的演讲，或者类似的东西……它显示如果 在manifest.json中.这可能不是一件好事...

I saw a security video on ***, I don't have a link anymore, but I think it was a DefCon talk, or something... it shows how Chrome allows access to extension resources from a browser URL if the resource is included in the extension list of web_accessible_resources in the manifest.json. This probably isn't a good thing...

因此，您可以:

• 创建一个图像，上面写着该扩展名已安装且处于活动状态.
• 将此图像添加到您的扩展程序中，并将其包括在web_accessible_resources列表下的manifest.json中.

• 然后在您的网页上链接到它.只有在安装扩展程序并启用后，该图像才可见.

• Create an image that says something like the extension is installed and active.
• Add this image to your extension, and include it in the manifest.json under the web_accessible_resources list.

• Then link to it on your webpage. The image will only be visible if the extension is installed and enabled.

<img src="chrome-extension://{extension-id}/extension-enabled.png">