rob--w / crxviewer Goto Github PK
View Code? Open in Web Editor NEWAdd-on / web app to view the source code of Chrome / Firefox / Opera 15 extensions and zip files.
Home Page: https://robwu.nl/crxviewer/
License: Mozilla Public License 2.0
Add-on / web app to view the source code of Chrome / Firefox / Opera 15 extensions and zip files.
Home Page: https://robwu.nl/crxviewer/
License: Mozilla Public License 2.0
The search-in-file-names and search-in-file-content features are currently case-insensitive. The user needs a way to match case while searching.
The viewer becomes unresponsive for a few seconds (or even more) when a really large file is opened. When the file contains any unicode characters, the rendering time is even quadrupled.
This is not specific to the extension, it also happens in a blank document and other browsers such as Firefox.
I should try to develop a partial view, which renders only the visible lines.
Is "All rights reserved"? Sad to see it on an open source software. In package.json, README.md and addons.opera.com.
Also, https://addons.mozilla.org/firefox/addon/crxviewer/ listed as "Released under Mozilla Public License, version 2.0" for now.
I just got a new chromebook (toshiba CB2), chrome is version 38.
For some reason the action icon (CRX logo) is not showing up for any in webstore URLs
Not sure what's going on here...
In bug 1415644 they added some restrictions and now Extension source viewer just shows a 'Network error' because it can't download the source code.
I tried clearing extensions.webextensions.restrictedDomains
pref but strangely it didn't work.
There is a clone in the Chrome Web store, the option panel even show a link here and show your name.
Regards
Like this one for example: https://chrome.google.com/webstore/detail/speedy-cars-memory-game/macblkncmhkhcfpjnjdidjockdbagbgk
EDIT: To be clear, I know why it's not working (the url we all use to download the crx), just want to report it
For details, see my upstream bug report: https://code.google.com/p/chromium/issues/detail?id=523677
When you encounter this problem, you can work around it by editing the URL and replacing prodchannel=unknown
with prodchannel=stable
(or beta
, dev
or canary
).
Add option to download individual files.
Would be nice to have a way to automatically scan the source code of installed extensions and show a warning to users if needed.
Motivation behind request: There are several extensions in the CWS that contain unwanted adware. "Report abuse" is not acted upon.
And popular extensions are not safe from these practices either, because adware companies send mails to these developers offering huge piles of money in exchange for inserting their adware in the extensions (with lots of users, typically 100k+).
This has been a problem for me since zips of extensions using native client may not work on other computers.
I have tried to implement them, but the current code is a bit complicated, so I made a feature requests here.
I've been noticing a bunch of sync errors showing up in my Firefox sync logs recently which seem to be caused by this extension. The error message looks like this:
1496285752154 Sync.Engine.Extension-Storage ERROR Syncing [email protected]: request failed: Error: HTTP 507 Insufficient Storage: Resource access is forbidden for this user (Collection maximum size exceeded (102426 > 102400 Bytes).) (resource://gre/modules/services-common/kinto-http-client.js:1924:25) JS Stack trace: [10]</request/</<@kinto-http-client.js:1924:25 < [email protected]:98:7 < makeSpinningCallback/[email protected]:168:27 < [email protected]:234:12 < [email protected]:47:12 < [email protected]:164:21 < [email protected]:696:5 < [email protected]:320:7 < [email protected]:167:15 < [email protected]:1310:7 < [email protected]:164:21 < [email protected]:120:16 < [email protected]:1300:12 < sync/<@service.js:1292:14 < [email protected]:95:16 < [email protected]:1281:5 < [email protected]:98:7 < makeSpinningCallback/[email protected]:168:27 < [email protected]:633:9 < [email protected]:645:5 < [email protected]:1739:11 < [email protected]:3190:5 < [email protected]:5035:11 < set [email protected]:7486:9 < [email protected]:1231:9 < [email protected]:1524:5 < initialize/<@extensions.js:196:5
The problem seems to go away when the extension is disabled.
This is using Firefox 53.0.3 on Ubuntu 17.04.
The extension displays a progress bar if the file size is known, but appends dots when the file size is not.
Example of progress bar: bjgfdlplhmndoonmofmflcbiohgbkifn
Example of unknown file size: annopcfmbiofommjmcmcfmhklhgbhkce
I could use an indeterminate progress bar instead of appending dots, or fetch the expected file size from the extension overview to get a meaningful progress bar.
I'm using Firefox, and while trying to download/view this extension: https://chrome.google.com/webstore/detail/lightweight-phishing-dete/jielndbgelplgdkgaeikbhjkippcdjcp?hl=en
The following error occurs:
Failed to load https://clients2.google.com/service/update2/crx?response=redirect&os=linux&arch=x86-64&nacl_arch=x86-64&prod=chromiumcrx&prodchannel=unknown&prodversion=9999.0.9999.0&x=id%3Djielndbgelplgdkgaeikbhjkippcdjcp%26uc. Server responded with 403 Forbidden
Implement a search engine (supporting regular expressions).
Use cases:
(Firefox-only, since in Chrome the pageAction is treated like a browserAction, which can be hidden via a context menu)
In Firefox, the pageAction cannot be hidden (until https://bugzil.la/1395387 is fixed).
Let's add a context menu option to the pageaction to hide it, and a new checkbox in the options page to toggle the visibility.
https://addons.mozilla.org/en-GB/firefox/addon/diigo-web-collector/versions/?page=1#version-5.1.0.38.1-signed.1-signed for example, I might be more interested in Diigo Toolbar 5.x than in more recent Diigo Web Collector 3.x
Another example: https://addons.mozilla.org/firefox/addon/vertical-tabs-reloaded/versions/beta there's 0.8.4-alpha but Extension source viewer appears to show code for an earlier version.
Try with several extensions, all showing the same error.
It says on AMO that the extension is under the MPL but I don't see a LICENSE file in the source code. Consider adding one?
The XPI URL is currently based on
Line 60 in 2972e4f
For reviewers, the shown XPI should preferably be the URL of the latest (potentially unreviewed) add-on. It seems that the only way to do this is through the API:
http://addons-server.readthedocs.io/en/latest/topics/api/index.html / https://addons-server.readthedocs.io/en/latest/topics/api/addons.html#detail .
A change to the Webstore on June 6 (worked on 5th) has resulted in this extension, and all other similar tools, not able to get Webstore items. This is the same on Windows and Chrome OS, Stable and Canary.
Feedback via the CWS:
Wish you sum up all sizes and show the total :)
User-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.80 Safari/537.36
If you enable "Allow access to all URLs", then it can't download any extensions anymore because it's missing an Origin
header when you try to proxy through cors-everywhere.heroku.com
Problem is the preprocessor does not look inside subfolders and the code that handles the downloading is located on src/lib/
Simple fix would be just include the file in the preprocess config:
[SRC_DIR + 'lib/crx-to-zip.js', dest_dir + 'lib/crx-to-zip.js'],
No matter whether or not set to ask for download folder, download goes to whatever default folder is is indicated. in Firefox (57, at least) no save folder selection dialog comes up - just saves to whatever default folder. It's not that much of a problem with Chrome, since the desired download folder can be selected when the confirmation opens (set to the default folder, ignoring the folder previously selected) but still ...
Hi,
first of all thanks for a great extension!
Is there a way to show on disk locally where the extension and its files are stored?
(for an extension already installed)
Currently, only "chrome-extension://..." is visible.
Thank you
Yves
I'm migrating from Firefox to Chromium and so I have installed this addon in Chromium but I don't see the button in the Omnibox when I go on AMO or the Chrome Store ????? โ ๐
I even restarted Chromium to be sure but it's the same thing... Does I have to enable something special in Chromium to be able to see the button in the omnibox ?
Regards
I have no concept on how Chrome webstore's DRM works, but CRX viewer can be used to download paid apps in zip folders, now I'm sure there's probably inapp drm or something, but that seems like a bit of an oversight considering a malicious user could load the unzipped folder as a entirely new extension and basically use any app they find for free. Unless I'm wrong.
A user has expressed interest in seeing a localized interface.
On latest Firefox Nightly build 58.0a1 (2017-11-02) (64-bit) icon is always visible in locationbar disregarding the Settings option "Show a page action button in the locationbar of extension installation pages"
Hello,
it seems to me that since chrome moved all the extension buttons on the toolbar this particular extension doesn't work anymore.
I read on the chrome store you suggested to right click on a particular extension page on the store and "View Extension Source" but even that one is not working for me anymore.
Chrome Version 49.0.2623.87 (64-bit) On Mac Os
Apparently it is possible to submit Edge extensions: https://stackoverflow.com/questions/38803483/how-to-publish-edge-extensions-on-the-windows-store
For example, https://www.microsoft.com/en-us/store/p/lastpass-free-password-manager/9nblggh4v7x0
The "Get the app" button is only clickable when the user agent is Microsoft Edge, and the link points to ms-windows-store://pdp/?productid=9NBLGGH4V7X0&referrer=unistoreweb&scenario=click&webig=b8ef09a9-c3a5-465e-8feb-05e26c67b366&websession=4a81cfb5acb24036986abea0705a45b4
Now, if there was a way to convert the store's URL to a URL from where the extension package can be downloaded as a zip-like file, then it could be displayed in the extension source viewer.
View the crx of https://chrome.google.com/webstore/detail/surfingkeys/gfbliohnnapiefjpjlpjnehglfpaknnc.
_metadata/verified_contents.json
is shown.
Currently a page action popup opens when the page action button is clicked. This popup displays two buttons, "Download as zip", "View source" (and in Opera: "Install").
Let's add an option to not show a popup with buttons, but either "Download" or "View Source".
I am thinking of a context menu item at the page action called "Default action", with three choices: "Prompt" (default), "Download as zip" and "View source".
The option can also be set at the options page, via a dropdown button.
(originally requested at #48)
I sometimes use the extension to quickly check the code inside my published extensions, but I have the code formatted the way I like, and thus usually open up a copy inside Gdrive to copy and paste some of my code.
When a zip/extension file contains an empty file (0 bytes), it is not hidden when I search using !searchterm
in the upper-left input box. Since an empty file does not match a non-empty search result, it should be hidden.
What actually happens is that the file name is faded out, as if the search is permanently in progress.
The code formatter currently formats any script tag as JavaScript code. Displaying this HTML in unmodified form would be nice.
This does not occur at http://jsbeautifier.org/, so the bug would probably be fixed after upgrading the JS beautify libraries.
Forking from https://github.com/Rob--W/crxviewer/issues/35#issuecomment-272752820 :
Sounds good. Maybe even with a list of known libraries *, or inputting an external URL to verify that the two files match.
* e.g. from https://github.com/mozilla/amo-validator/blob/master/validator/testcases/hashes-allowed.txt
Another thing to consider is trailing whitespace. I have seen too often that a hash does not match because of a difference in whitespace.
The icon do not show up anymore in the adress bar inside the Chrome Web Store.
I haven't tested the Firefox add-on with Android. There are no real technical objections to explicitly support Firefox on Android. Most work is in improving the UI/UX of the viewer for small touchscreen devices.
Could we have a dark theme?
And color coding?
:)
>node --version
v8.1.4
>node make.js
Building Chrome extension...
D:\repo\crxviewer\external\builder.js:85
line = line.replace(/__[\w]+__/g, function(variable) {
^
TypeError: Cannot read property 'replace' of undefined
at expand (D:\repo\crxviewer\external\builder.js:85:16)
at preprocess (D:\repo\crxviewer\external\builder.js:155:13)
at D:\repo\crxviewer\external\builder.js:306:7
at Array.forEach (native)
at D:\repo\crxviewer\external\builder.js:300:13
at Array.forEach (native)
at Object.build (D:\repo\crxviewer\external\builder.js:295:20)
at build (D:\repo\crxviewer\make.js:72:13)
at Function.target.chrome (D:\repo\crxviewer\make.js:128:5)
at Object.global.target.(anonymous function) [as chrome] (D:\repo\crxviewer\node_modules\shelljs\make.js:36:40)
Chrome version: 57.0.2987.110
Steps to reproduce:
chrome-extension://jifpbeccnghkjeaalbbjmodiffmgedin/crxviewer.html?crx=https%3A%2F%2Faddons.mozilla.org%2Ffirefox%2Fdownloads%2Ffile%2F528039%2Fbetterprivacy_signed-1.77-fx-linux.xpi
META-INF/mozilla.rsa
Expected result:
Actual result:
(If the bug does not show up, set the window width to 1224 pixels (window.innerWidth === 1224)).
More info:
Even if the extension is not found, the key should still be printed for the id in the url.
It would be nice if this or another extension could view the source of Firefox Marketplace items, especially since they cannot be installed in Chrome OS.
It would be great to have a way to hash files by MD5/SHA1 to detect legit minified JavaScript libraries and fake ones with extra injected code.
The search-in-file-content feature shows matching files, but does not offer a way to navigate between search results in a file. Ctrl + F works somewhat, but the UX is not optimal and it does not work for searches that require a regular expression.
An option to check the plugin for malware either by accident or that Google might construe as malware for removal so the plugin can work without being shut down by Google.
an option to not add mouse right click menu.
thanks.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.