javascript - Chrome Extension Code Sharing -
i building chrome extension part of allow users write plugins , other users can download them - e.g user writes javascript function , extension downloads code whomever interested in plugin. extension 'evals' whole bunch of code malicious. little project - don't plan reach millions of users or create income , it's school project , still want provide reasonable solution problem (it doesn't have perfect).
i thinking of few possibilities create security drawback more user-friendly:
have myself or whoever runs project go on each submitted plugin , create sure not contain malicious code(drawback approach clear, don't want go on plugins rest of life). give users ability comment on , rate plugins or inform website admin , in malicious code not downloaded much. try write automated script detects malicious code(not feasibly right?) detect vulnerable parts in extension , invest time in protecting them (for illustration cookies , localstorage). make user understand he's downloading plugin @ own risk.i hear thoughts developers , users , how approach problem keeping in mind have minimal resources project?
javascript plugins google-chrome-extension
No comments:
Post a Comment