Clojurians Log v2
dirac
Feel free to ask. I will get back to it.
I was wondering what prerequisites are necessary to generate chromex from js API
my question is pretty simple, do you think generation process that you apply on chrome extension api would be portable in some way to google charts https://www.google.com/uds/modules/gviz/gviz-api.js
https://developers.google.com/chart/interactive/docs/reference
absolutely not portable, chromium devs described their api via JSON, this data structure is used mainly for generating their documentation site[1], I simply abused the fact and generate clojure code from that JSON: https://github.com/binaryage/chromex/tree/master/tools [1] https://developer.chrome.com/extensions/api_index
ok
gviz people most likely have nothing to do with chromium and I doubt they would have some similar data describing their apis
ok ok
thx 🙂
so I should
1 - use directly js
or 2 - wrap native js api into cljs functions
not sure, I’m not familiar with those apis
but in general yes, either use js interop directly or hide it behind a wrapper library
Ok, thanks @darwin ! And the chromex lib is impressive ! 👏👏👏
thanks 🙂
btw. when getting your hands dirty with js interop, check out https://github.com/binaryage/cljs-oops
chromex uses it internally
I've seen it but never tried
ah, wait, maybe not
actually yes: https://github.com/binaryage/chromex/releases/tag/v0.5.0
I forgot already...
I started to read what you can do with a chrome extension
And you can do quite a lot... #bigbrother
yep, I consider chrome as a very attractive application platform
I use chrome extension, but I never paid for one (and I buy a lot of apps/saas/softwares)
I am not sure people are ready to buy chrome extension
right, monetization is an open question
Should be possible as a support for a standalone product
"Chrome extension adds some magic to my super product "
Wow, I never realized chromex could do so much stuff! It makes me wonders how hard it can be to install and hide an evil chrome app...
pretty hard
btw. Google can black-list/uninstall extensions installed from the chrome web store.
and in general they take security/privacy very seriously
well forget hiding as most people wouldn't even notice something wrong with browser until nothing works... All you need to do is get them to install your app right?
so you as a user would have to give strong permissions to an evil extensions
again most people would never even read about your permissiong just click next.
the only barrier is that chrome web store is the only place I can get extensions from or not evne?
you can install them by hand, from a “zip” file
heh yeah I guess at that point you might as well install an exe and get them to give you admin rights..
right, the same applies to any platform if you assume that users are stupid 🙂
but still that might have to deal with AVs and on mac little snitch whitelisting chrome is so common that is a nice vector...
as I said, they have a mechanism how to remove malware/rogue code if it turns out to be an issue
I just think it would be easy to trick even someone like me into installing a seamingly friendly chrome extension (ie dirac ?! 🙂 ) that would call home and screencapture and shit
not easy, the apis are pretty limited
and again you would have to give it really strong permissions, which is not something you would want to do for a usual extension
but there could be some attack vectors, but we yet have to see some real incidents in the wild
ok I'll take your words for it 😉 at first glance it does look quite worrying but you are correct that at least there is such permission mechanish... I'm just getting a little more worried about browsers everyday I think
chrome people are quite capable, I trust them that they find a good balance - features vs. security/privacy
Yeah you may be right 🙂 Still I never realized chromium could do all that stuff, I thought sure maybe chrome with their bunch of exts but plain chromium doing all that wow.. I guess you do need all that to be a true platform so yeah I'm not sure why I'm surprised.