Is it possible to Base64 encode a chrome extension?

Question

I was looking to base64 encode a portion of my chrome extension. However, it did not work when I tried to test it. (The extension works fine when not encoded).

Is it possible to Base64 encode a portion of javascript for use in a Chrome extension? If so, how?

Answer 1

The global atob method can be used to decode base64 strings (and btoa can be used to encode a string as base64). After decoding a string eval can be used to parse the string as code, and run it.

For example, here's a one-liner to print the ID of the current extension:

alert(eval(atob('Y2hyb21lLmkxOG4uZ2V0TWVzc2FnZSgnQEBleHRlbnNpb25faWQnKQ==')));

Explanation

I generated the previous base64 string by typing btoa("chrome.i18n.getMessage('@@extension_id')") in the JavaScript console. You're free to use any other method (such as the base64 command). Here's the full breakdown of the previous one-liner.

alert(eval(atob(btoa("chrome.i18n.getMessage('@@extension_id')")));
//atob decodes from base64, btoa encodes to base64, so they cancel out each other
alert(eval(          "chrome.i18n.getMessage('@@extension_id')" ));
//eval parses the string as code, so we get
alert(                chrome.i18n.getMessage('@@extension_id')   );

Content security policy

If you want to use this method in the extension's process (e.g. background / popup page), the Content Security policy needs to be adjusted. By default, code generation from strings is forbidden. To override this default policy, add the following entry to the manifest file:

"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"