9

I'm trying to create a chrome extension which scans a local directory for new files ... However, if I add the file://* permission to the manifest I can access the internal file browser of chrome with

xmlhttp.open("GET","file://C:/Users/username/Desktop/",false); xmlhttp.send(); console.log(xmlhttp.response);

From the response I could extract the file URLs and use them in my extension.

My question is now: Are there other approaches? The above way seems more like a workaround and easily breaks if chrome's file browser is changed ...

Charles Sprayberry
  • 7,741
  • 3
  • 41
  • 50
exxe
  • 93
  • 1
  • 5

1 Answers1

7

Any time I've had to do something on the local machine from a Chrome extension, I've always created a small program that accepts connections via HTTP, and does the work as a normal program, taking commands with JSON over POST. This gives you great flexibility, as it essentially allows you to write a Chrome extension that can do anything a desktop program can do.

However, there are great downsides to this, and you should only do it if absolutely necessary. For instance:

  • You can't do this for all operating systems, unless you're going to write an agent for every OS.
  • The extension cannot be installed from Google's extension hosting.
  • You must write your own installation program that registers the extension.
  • There are very real security considerations to worry about with this. You will be opening up a web service that executes commands. Be very sure that you are not exposing the user. In all reality, if you are making a file browser, you probably are exposing the user. It will be up to you to fix this security hole, as if you were creating any other web service.
Brad
  • 159,648
  • 54
  • 349
  • 530
  • Your link works but inside of the page they have iframe showing «Aw, Snap! We couldn't find that page», isn’t it the same page as this: https://developer.chrome.com/docs/extensions/mv3/external_extensions/ – Jerry Green Nov 13 '22 at 09:42