Updated: 2021-12-30 00:05:15
I saw a security video on ***, I don't have a link anymore, but I think it was a DefCon talk, or something... it shows how Chrome allows access to extension resources from a browser URL if the resource is included in the extension list of web_accessible_resources in the manifest.json. This probably isn't a good thing...
So, you can:
manifest.json under the web_accessible_resources list. Then link to it on your webpage. The image will only be visible if the extension is installed and enabled.
<img src="chrome-extension://{extension-id}/extension-enabled.png">
Use JavaScript to check and see if the image loaded. If it didn't, replace it with a URL showing that the extension is disabled or not installed.
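One way to write the load check described above, as an added example that is not part of the original answer. The extension ID is a constructed placeholder, and the function names, the `createImage` hook and the fallback URL passed to `showStatus` are hypothetical.

```javascript
// Added example. EXTENSION_ID is a constructed placeholder, not a real extension.
const EXTENSION_ID = "abcdefghijklmnopabcdefghijklmnop";
const PROBE_RESOURCE = "extension-enabled.png"; // must be in web_accessible_resources

// Chrome extension IDs are 32 characters drawn from the letters a-p.
function probeUrl(extensionId, resourcePath) {
  if (!/^[a-p]{32}$/.test(extensionId)) {
    throw new TypeError("not a Chrome extension id: " + extensionId);
  }
  // Encode each segment so the path cannot change the host or add a query.
  const path = resourcePath.split("/").filter(Boolean).map(encodeURIComponent).join("/");
  return "chrome-extension://" + extensionId + "/" + path;
}

// Resolves true when the image loads, false on load error or timeout.
// opts.createImage is a hypothetical hook so the logic can run outside a browser.
function detectExtension(extensionId, resourcePath, opts = {}) {
  const createImage = opts.createImage || (() => new Image());
  const timeoutMs = opts.timeoutMs ?? 2000;
  const url = probeUrl(extensionId, resourcePath);
  return new Promise((resolve) => {
    const img = createImage();
    let settled = false;
    let timer = null;
    const finish = (installed) => {
      if (settled) return; // ignore a late event after the timeout fired
      settled = true;
      clearTimeout(timer);
      img.onload = img.onerror = null;
      resolve(installed);
    };
    img.onload = () => finish(true);
    img.onerror = () => finish(false);
    timer = setTimeout(() => finish(false), timeoutMs);
    img.src = url; // starts the request
  });
}

// Page-side use: keep the extension image if it loads, else show the fallback.
async function showStatus(imgElement, fallbackUrl, opts) {
  const installed = await detectExtension(EXTENSION_ID, PROBE_RESOURCE, opts);
  imgElement.src = installed ? probeUrl(EXTENSION_ID, PROBE_RESOURCE) : fallbackUrl;
  return installed;
}
```

In Manifest V3, each web_accessible_resources entry takes a `matches` list, so restricting it to your own origin keeps other sites from running the same check against your extension.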