rob--w / crxviewer Goto Github PK

The search-in-file-names and search-in-file-content features are currently case-insensitive. The user needs a way to match case while searching.

The viewer becomes unresponsive for a few seconds (or even more) when a really large file is opened. When the file contains any unicode characters, the rendering time is even quadrupled.

This is not specific to the extension, it also happens in a blank document and other browsers such as Firefox.

I should try to develop a partial view, which renders only the visible lines.

Is "All rights reserved"? Sad to see it on an open source software. In package.json, README.md and addons.opera.com.

Also, https://addons.mozilla.org/firefox/addon/crxviewer/ listed as "Released under Mozilla Public License, version 2.0" for now.

I just got a new chromebook (toshiba CB2), chrome is version 38.
For some reason the action icon (CRX logo) is not showing up for any in webstore URLs
Not sure what's going on here...

In bug 1415644 they added some restrictions and now Extension source viewer just shows a 'Network error' because it can't download the source code.

https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=f96e8d3c02251534d208bafb046d007970e284a5&tochange=39e131181d442409a5df2ed945c02aca2b9baca2

I tried clearing extensions.webextensions.restrictedDomains pref but strangely it didn't work.

There is a clone in the Chrome Web store, the option panel even show a link here and show your name.

https://chrome.google.com/webstore/detail/chrome-extension-source-c/ccecihahjmplendgebiobdabbmnllnan/related

Regards

Like this one for example: https://chrome.google.com/webstore/detail/speedy-cars-memory-game/macblkncmhkhcfpjnjdidjockdbagbgk

EDIT: To be clear, I know why it's not working (the url we all use to download the crx), just want to report it

For details, see my upstream bug report: https://code.google.com/p/chromium/issues/detail?id=523677

When you encounter this problem, you can work around it by editing the URL and replacing prodchannel=unknown with prodchannel=stable (or beta, dev or canary).

Add option to download individual files.

Would be nice to have a way to automatically scan the source code of installed extensions and show a warning to users if needed.

Motivation behind request: There are several extensions in the CWS that contain unwanted adware. "Report abuse" is not acted upon.
And popular extensions are not safe from these practices either, because adware companies send mails to these developers offering huge piles of money in exchange for inserting their adware in the extensions (with lots of users, typically 100k+).

This has been a problem for me since zips of extensions using native client may not work on other computers.

I have tried to implement them, but the current code is a bit complicated, so I made a feature requests here.

1. Add "XPI" link like "CRX" to tools, but provided as download converted XPI (rename the filename and compatibility fixes like this) for Chrome Extension, and download the original XPI for Firefox add-on.
2. Hidd the META-INF directory with signature files for Firefox add-ons.
3. "XPI" instead of "CRX" for the viewer title and action icon.
4. Provide an option for just opening the viewer without popup, or an option for popup / zip / viewer when clicked the page-action.

I've been noticing a bunch of sync errors showing up in my Firefox sync logs recently which seem to be caused by this extension. The error message looks like this:

1496285752154	Sync.Engine.Extension-Storage	ERROR	Syncing [email protected]: request failed: Error: HTTP 507 Insufficient Storage: Resource access is forbidden for this user (Collection maximum size exceeded (102426 > 102400 Bytes).) (resource://gre/modules/services-common/kinto-http-client.js:1924:25) JS Stack trace: [10]</request/</<@kinto-http-client.js:1924:25 < [email protected]:98:7 < makeSpinningCallback/[email protected]:168:27 < [email protected]:234:12 < [email protected]:47:12 < [email protected]:164:21 < [email protected]:696:5 < [email protected]:320:7 < [email protected]:167:15 < [email protected]:1310:7 < [email protected]:164:21 < [email protected]:120:16 < [email protected]:1300:12 < sync/<@service.js:1292:14 < [email protected]:95:16 < [email protected]:1281:5 < [email protected]:98:7 < makeSpinningCallback/[email protected]:168:27 < [email protected]:633:9 < [email protected]:645:5 < [email protected]:1739:11 < [email protected]:3190:5 < [email protected]:5035:11 < set [email protected]:7486:9 < [email protected]:1231:9 < [email protected]:1524:5 < initialize/<@extensions.js:196:5

The problem seems to go away when the extension is disabled.

This is using Firefox 53.0.3 on Ubuntu 17.04.

The extension displays a progress bar if the file size is known, but appends dots when the file size is not.
Example of progress bar: bjgfdlplhmndoonmofmflcbiohgbkifn
Example of unknown file size: annopcfmbiofommjmcmcfmhklhgbhkce

I could use an indeterminate progress bar instead of appending dots, or fetch the expected file size from the extension overview to get a meaningful progress bar.

I'm using Firefox, and while trying to download/view this extension: https://chrome.google.com/webstore/detail/lightweight-phishing-dete/jielndbgelplgdkgaeikbhjkippcdjcp?hl=en

The following error occurs:

Failed to load https://clients2.google.com/service/update2/crx?response=redirect&os=linux&arch=x86-64&nacl_arch=x86-64&prod=chromiumcrx&prodchannel=unknown&prodversion=9999.0.9999.0&x=id%3Djielndbgelplgdkgaeikbhjkippcdjcp%26uc. Server responded with 403 Forbidden

Implement a search engine (supporting regular expressions).

Use cases:

• Speed up security audits by performing a pattern-search
• Easily discover trackers (e.g. Google analytics) in source code.
• Locate a code snippet more easily

(Firefox-only, since in Chrome the pageAction is treated like a browserAction, which can be hidden via a context menu)

In Firefox, the pageAction cannot be hidden (until https://bugzil.la/1395387 is fixed).

Let's add a context menu option to the pageaction to hide it, and a new checkbox in the options page to toggle the visibility.

https://addons.mozilla.org/en-GB/firefox/addon/diigo-web-collector/versions/?page=1#version-5.1.0.38.1-signed.1-signed for example, I might be more interested in Diigo Toolbar 5.x than in more recent Diigo Web Collector 3.x

Another example: https://addons.mozilla.org/firefox/addon/vertical-tabs-reloaded/versions/beta there's 0.8.4-alpha but Extension source viewer appears to show code for an earlier version.

Try with several extensions, all showing the same error.

Network error for https://clients2.google.com/service/update2/crx?response=redirect&os=win&arch=x86-64&nacl_arch=x86-64&prod=chromecrx&prodchannel=unknown&prodversion=44.0.2403.155&x=id%3Dextension-id%26uc

It says on AMO that the extension is under the MPL but I don't see a LICENSE file in the source code. Consider adding one?

The XPI URL is currently based on

For reviewers, the shown XPI should preferably be the URL of the latest (potentially unreviewed) add-on. It seems that the only way to do this is through the API:
http://addons-server.readthedocs.io/en/latest/topics/api/index.html / https://addons-server.readthedocs.io/en/latest/topics/api/addons.html#detail .

A change to the Webstore on June 6 (worked on 5th) has resulted in this extension, and all other similar tools, not able to get Webstore items. This is the same on Windows and Chrome OS, Stable and Canary.

Feedback via the CWS:

Wish you sum up all sizes and show the total :)

User-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.80 Safari/537.36

If you enable "Allow access to all URLs", then it can't download any extensions anymore because it's missing an Origin header when you try to proxy through cors-everywhere.heroku.com

Compare:

and

Problem is the preprocessor does not look inside subfolders and the code that handles the downloading is located on src/lib/

Simple fix would be just include the file in the preprocess config:

            [SRC_DIR + 'lib/crx-to-zip.js', dest_dir + 'lib/crx-to-zip.js'],

No matter whether or not set to ask for download folder, download goes to whatever default folder is is indicated. in Firefox (57, at least) no save folder selection dialog comes up - just saves to whatever default folder. It's not that much of a problem with Chrome, since the desired download folder can be selected when the confirmation opens (set to the default folder, ignoring the folder previously selected) but still ...

Hi,

first of all thanks for a great extension!

Is there a way to show on disk locally where the extension and its files are stored?
(for an extension already installed)

Currently, only "chrome-extension://..." is visible.

Thank you

Yves

I'm migrating from Firefox to Chromium and so I have installed this addon in Chromium but I don't see the button in the Omnibox when I go on AMO or the Chrome Store ????? ❓ 😕

I even restarted Chromium to be sure but it's the same thing... Does I have to enable something special in Chromium to be able to see the button in the omnibox ?

Regards

I have no concept on how Chrome webstore's DRM works, but CRX viewer can be used to download paid apps in zip folders, now I'm sure there's probably inapp drm or something, but that seems like a bit of an oversight considering a malicious user could load the unzipped folder as a entirely new extension and basically use any app they find for free. Unless I'm wrong.

A user has expressed interest in seeing a localized interface.

On latest Firefox Nightly build 58.0a1 (2017-11-02) (64-bit) icon is always visible in locationbar disregarding the Settings option "Show a page action button in the locationbar of extension installation pages"

Hello,
it seems to me that since chrome moved all the extension buttons on the toolbar this particular extension doesn't work anymore.
I read on the chrome store you suggested to right click on a particular extension page on the store and "View Extension Source" but even that one is not working for me anymore.

Chrome Version 49.0.2623.87 (64-bit) On Mac Os

Apparently it is possible to submit Edge extensions: https://stackoverflow.com/questions/38803483/how-to-publish-edge-extensions-on-the-windows-store

For example, https://www.microsoft.com/en-us/store/p/lastpass-free-password-manager/9nblggh4v7x0

The "Get the app" button is only clickable when the user agent is Microsoft Edge, and the link points to ms-windows-store://pdp/?productid=9NBLGGH4V7X0&referrer=unistoreweb&scenario=click&webig=b8ef09a9-c3a5-465e-8feb-05e26c67b366&websession=4a81cfb5acb24036986abea0705a45b4

Now, if there was a way to convert the store's URL to a URL from where the extension package can be downloaded as a zip-like file, then it could be displayed in the extension source viewer.

View the crx of https://chrome.google.com/webstore/detail/surfingkeys/gfbliohnnapiefjpjlpjnehglfpaknnc.
_metadata/verified_contents.json is shown.

Currently a page action popup opens when the page action button is clicked. This popup displays two buttons, "Download as zip", "View source" (and in Opera: "Install").

Let's add an option to not show a popup with buttons, but either "Download" or "View Source".
I am thinking of a context menu item at the page action called "Default action", with three choices: "Prompt" (default), "Download as zip" and "View source".
The option can also be set at the options page, via a dropdown button.

(originally requested at #48)

I sometimes use the extension to quickly check the code inside my published extensions, but I have the code formatted the way I like, and thus usually open up a copy inside Gdrive to copy and paste some of my code.

When a zip/extension file contains an empty file (0 bytes), it is not hidden when I search using !searchterm in the upper-left input box. Since an empty file does not match a non-empty search result, it should be hidden.

What actually happens is that the file name is faded out, as if the search is permanently in progress.

The code formatter currently formats any script tag as JavaScript code. Displaying this HTML in unmodified form would be nice.

This does not occur at http://jsbeautifier.org/, so the bug would probably be fixed after upgrading the JS beautify libraries.

Forking from https://github.com/Rob--W/crxviewer/issues/35#issuecomment-272752820 :

Sounds good. Maybe even with a list of known libraries *, or inputting an external URL to verify that the two files match.

* e.g. from https://github.com/mozilla/amo-validator/blob/master/validator/testcases/hashes-allowed.txt

Another thing to consider is trailing whitespace. I have seen too often that a hash does not match because of a difference in whitespace.

The icon do not show up anymore in the adress bar inside the Chrome Web Store.

I haven't tested the Firefox add-on with Android. There are no real technical objections to explicitly support Firefox on Android. Most work is in improving the UI/UX of the viewer for small touchscreen devices.

Could we have a dark theme?

And color coding?

:)

Chrome version: 57.0.2987.110
Steps to reproduce:

1. Install the CRX Viewer Chrome extension
2. Open chrome-extension://jifpbeccnghkjeaalbbjmodiffmgedin/crxviewer.html?crx=https%3A%2F%2Faddons.mozilla.org%2Ffirefox%2Fdownloads%2Ffile%2F528039%2Fbetterprivacy_signed-1.77-fx-linux.xpi
3. Click on META-INF/mozilla.rsa
4. Search for "@" by entering "!@" in the text field.
5. Click on "H" to highlight all search results.

Expected result:

• The red boxes are around a "@".

Actual result:

• The red boxes are not around "@".

(If the bug does not show up, set the window width to 1224 pixels (window.innerWidth === 1224)).

More info:

• The file to be viewed is a binary file. It seems that the browser does not properly word-wrap the content (break-all does not work as expected); lines are broken before the end of the line has been reached, and when the search highlight positioner inserts text in an attempt to position the highlight, the absence of further text after the highlighted text prevents the line from being broken. Consequently the highlight is not positioned over the actual text.

Even if the extension is not found, the key should still be printed for the id in the url.

It would be nice if this or another extension could view the source of Firefox Marketplace items, especially since they cannot be installed in Chrome OS.

It would be great to have a way to hash files by MD5/SHA1 to detect legit minified JavaScript libraries and fake ones with extra injected code.

The search-in-file-content feature shows matching files, but does not offer a way to navigate between search results in a file. Ctrl + F works somewhat, but the UX is not optimal and it does not work for searches that require a regular expression.

An option to check the plugin for malware either by accident or that Google might construe as malware for removal so the plugin can work without being shut down by Google.

an option to not add mouse right click menu.
thanks.