开发者

Encrypt Chrome-extension?

开发者 https://www.devze.com 2023-01-30 11:21 出处:网络
Anyway to encrypt a Chrome-extension from not exposing the source 开发者_开发知识库code?you can hide your code using obfuscator. there are lots of available in market.

Anyway to encrypt a Chrome-extension from not exposing the source 开发者_开发知识库code?


you can hide your code using obfuscator. there are lots of available in market.

there are few tools like Google Closure compiler, and lots of online javascript ofuscators are available in market. you can use any. but it doesn't guarantee the confidentialness of the code. anyone expert with javascript can de-obfuscate that code.

Here are two methods: 1. make your functionality available via web services. so important code reside on server and extension will communicate with the server and will process the output from server. 2. use NPAPI but its not a good method.

As per me a good strategy is to try to give a good extensions to user. if there is already something awesome in market no body will try to copy your addon. try to be ahead of your competitors.

EDIT: NPAPI is deprecated.


as you can read here you can't. you can make your code hard to read and understand, but thats all.

(that other question is about hiding the javascript-code in an html-page, but thats mostly the same (as far as i know, chrome-extension are just written in js/css/html, please correct me if i'm wrong))


With manifest v2 obfuscators are harder to used because eval is considered unsafe security reasons.

Perhaps one of the biggest changes in the new manifest v2 scheme is that extensions can no longer use dynamic script evaluation techniques like eval() or new Function(), or pass strings of JS code to functions that will cause an eval() to be used, like setTimeout(). In addition, certain commonly used JavaScript libraries, such as Google Maps and certain templating libraries, are known to use some of these techniques.

Source https://developer.chrome.com/extensions/tut_migration_to_manifest_v2#using

I recommend just minifying the code. The way minifiers work (given they do not all work completely the same) is they remove every space a change your variable names to single letters to reduce characters. This removes a lot of the meaning from your code and makes ut very hard to read. It is not full proof, but it will at add an extra very tedious step to read your code. On top of that minifiers were designed for compression and to make your code run faster. My favorite minifier is UglifyJS.


  1. leave important code logic on your server (webservices help)
  2. inject sensitive html and js into iframes(the creation of this html can be done dynamically)

But I guess it all boils down to the architecture of your code

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号