Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible for a Chrome extension to write to a file in Chrome's system directory?

I've never really written a real Chrome extension. I did one that was just a dropdown list of links a while back, but that doesn't really count. Anyway, rather than dive head first back into the massive collection of tutorials on writing Chrome extensions, I figured I'd make sure my idea was possible first.

My plan is this: I want to take the currently playing track in Pandora's player, and send the track information to a source outside the browser (in my case, a Python script).

Getting the info itself shouldn't be hard at all; their new HTML5 interface makes that part super simple. The problem is communicating that information once I've gotten it. I'd like to avoid having to upload the data to a web server and have Python pull it from there.

Obviously, Chrome won't make it very easy for extensions to send out DBus messages or anything, but is it possible to write to a file in Chrome's system directory somewhere, and have Python pick it up? Am I being completely ridiculous in even asking such a question?

EDIT: I thought I'd report back on what I actually ended up doing for anyone who happens by this question in the future. Since I only needed this extension to work on a single computer (mine), I just installed mod_python for Apache and had my extension send its data straight to my Python script waiting on localhost. This has the advantage of not needing to poll a URL or file from Python, as I had originally assumed I'd need to. It also avoids introducing the potential security risks involved with NPAPI.

like image 766
Dan Hlavenka Avatar asked Dec 03 '11 06:12

Dan Hlavenka


1 Answers

The only way to do this, that I can think of, would be with an NPAPI extension. NPAPI lets you include a native binary with your extension that your plugin is then able to communicate with. You can do pretty much anything you like in that binary.

However, heed the warning on page I linked to above:

NPAPI is a really big hammer that should only be used when no other approach will work.

Code running in an NPAPI plugin has the full permissions of the current user and is not sandboxed or shielded from malicious input by Google Chrome in any way. You should be especially cautious when processing input from untrusted sources, such as when working with content scripts or XMLHttpRequest.

Because of the additional security risks NPAPI poses to users, extensions that use it will require manual review before being accepted in the Chrome Web Store.

like image 199
Dean Harding Avatar answered Sep 28 '22 20:09

Dean Harding