by aboodman 5476 days ago
Did you investigate requesting the files directly from the filesystem, like "file:///home/monkey/.js/google.com.js"?

You'd need to tell users to enable file access for the extension through chrome://extensions/, since that isn't enabled by default and users have to opt into it. I also don't know if there is a way to get the current user's homedir without hardcoding it.

Also: you're being super careful to not allow arbitrary reading of the filesystem, right? A good sanity check would be to ensure that realpath() of any file served is under ~/.js before handing it off.
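
The realpath() containment check suggested in the comment above, as an added example that is not part of the original comment or of the project's code. The function names, the temporary directory standing in for the home directory, and the file names are all assumptions constructed for illustration.

```python
import os
import tempfile


def resolve_under(base_dir, requested):
    """Return the real path of `requested` if it is a file under base_dir, else None."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        # commonpath compares whole components, so a sibling such as
        # ".js-other" is not mistaken for ".js" (a startswith() test would be).
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. paths on different Windows drives
        inside = False
    return candidate if inside and os.path.isfile(candidate) else None


def demo():
    """Build a constructed directory tree and report which requests are served."""
    with tempfile.TemporaryDirectory() as root:
        js_dir = os.path.join(root, ".js")
        sibling = os.path.join(root, ".js-other")
        os.mkdir(js_dir)
        os.mkdir(sibling)
        secret = os.path.join(root, "secret.txt")
        for path in (os.path.join(js_dir, "google.com.js"),
                     os.path.join(sibling, "x.js"), secret):
            with open(path, "w") as fh:
                fh.write("// constructed sample\n")
        # A symlink inside the served directory that points outside it.
        os.symlink(secret, os.path.join(js_dir, "link.js"))
        requests = ["google.com.js", "../secret.txt", "../.js-other/x.js",
                    "link.js", secret, "missing.js"]
        return {("<absolute>" if r == secret else r):
                resolve_under(js_dir, r) is not None for r in requests}


if __name__ == "__main__":
    for name, served in demo().items():
        print(f"{name!r}: {'served' if served else 'refused'}")
```

The server should open the path that `resolve_under` returns, not the name it was given, so the file that was checked is the file that is read.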