Background script, chrome.tabs.create and local files


Andrei

Jun 24, 2016, 11:19:44 PM
to Chromium-Extensions-Announce
Hi all!
From background scripts it is possible to open (using chrome.tabs.create) a local URI (for example: file:///etc) without user interaction; this seems strange. Am I wrong?

Chrome ("Developer mode"): 51.0.2704.106 (64-bit)
Chromium ("Developer mode"): 50.0.2661.94

background.js:
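// Callback invoked once the tab has been created.
function createdTab(tab) {
    console.log('opened', tab);
}
var url = { "url": "file:///etc" };
// Delay the call so that no user interaction is involved.
setTimeout(() => { console.log('open'); chrome.tabs.create(url, createdTab); }, 10000);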

manifest.json:
{
    "name": "myExtension",
    "version": "0.1",
    "description": "Description",
    "permissions": [
        "tabs"
    ],
    "background": {
        "scripts": ["background.js"]
    },
    "manifest_version": 2
}
background.zip

PhistucK

Jun 26, 2016, 2:05:51 AM
to Andrei, Chromium-Extensions-Announce
Sounds like it should work. Did you allow file access in chrome:extensions for that extension (I do not think it is needed in this case, but, oh, well)?

Also, is the tab created if you call it right away and not in setTimeout?


PhistucK

--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/8133f0f5-817e-490a-8b14-eab8afa1042f%40chromium.org.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.

Andrei

Jun 26, 2016, 11:49:00 AM
to Chromium-Extensions-Announce, willmak...@gmail.com
Thank you very much for your reply!
The script works! But in my opinion it MUST NOT work.

I deliberately used a setTimeout to avoid any interaction with the user. I can also successfully run chrome.tabs.create('file:///etc') in Developer Tools (debug background page).

In my opinion chrome.tabs.create('file:///etc') should cause an exception (error): “URL not allowed”, since we did not ask the user for permission.
For example, the same code in Firefox will produce the following error: “Unchecked lastError value: Error: URL not allowed: file:///etc”

I want to understand: is this behavior a feature in Chromium, or is it a bug?

PhistucK

Jun 26, 2016, 12:44:19 PM
to Andrei, Chromium-Extensions-Announce
Oh! Sorry, I guess I did not read through the whole message.

This is perfectly fine. Opening a tab with whatever URL does not require any permission. You do not even need the "tabs" permission to use chrome.tabs.create, unless you want to interact with it somehow (get it using chrome.tabs.query and such).


PhistucK


Andrei

Jun 26, 2016, 1:48:13 PM
to Chromium-Extensions-Announce, willmak...@gmail.com
I really do not understand why. The main aspect is opening a local file: to read any local file, the browser should prompt the user to select such a file, I guess.
For example, for a Chrome App, the description of chrome.fileSystem (https://developer.chrome.com/apps/fileSystem) says:
“Use the chrome.fileSystem API to create, read, navigate, and write to the user's local file system. With this API, Chrome Apps can read and write to a USER-SELECTED location.”
But using chrome.tabs.create({url: 'file:///etc/passwd'}) I can read the content of a local file without user interaction.

Likely, I should mark this thread as completed.
Thank you for your attention and help!

Andrei

Jul 1, 2016, 11:32:25 AM
to Chromium-Extensions-Announce

PhistucK

Jul 1, 2016, 1:00:59 PM
to Andrei, Chromium-Extensions-Announce
But unless you are checking that checkbox, you cannot actually read. You can make the browser show it, but you do not have access to the content so from the perspective of the extension, it cannot do anything with the files.


PhistucK
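
The distinction drawn in the last reply (an extension can make the browser display a file: URL, but cannot read it without the file-access checkbox), as an added example that is not part of the thread: a helper for reviewing an extension manifest. `patternCoversFile`, `auditFileAccess` and the sample manifests are hypothetical names constructed here; the model assumes Chrome's match-pattern rules and covers only declared host patterns, not activeTab or other grants.

```javascript
// Added example, not code from the thread. Simplified model of file: access.

// Does a Chrome match pattern cover the file: scheme?
function patternCoversFile(pattern) {
  if (typeof pattern !== 'string') return false;
  if (pattern === '<all_urls>') return true;
  const m = /^([a-z*][a-z0-9+.-]*):\/\//i.exec(pattern);
  // A "*" scheme matches http/https only, so "*://*/*" never covers file:.
  return m !== null && m[1].toLowerCase() === 'file';
}

// allowFileUrls: state of the per-extension "Allow access to file URLs"
// checkbox (queryable with chrome.extension.isAllowedFileSchemeAccess).
function auditFileAccess(manifest, allowFileUrls) {
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []), // Manifest V3 location
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  const filePatterns = [...new Set(declared.filter(patternCoversFile))];
  return {
    // Per the thread: chrome.tabs.create needs no permission, so any
    // extension can make the browser display a file: URL.
    canDisplayFileUrl: true,
    filePatterns,
    // Reading needs a host pattern covering file: AND the checkbox.
    canReadFileContent: filePatterns.length > 0 && allowFileUrls === true,
  };
}

// Constructed samples: the thread's manifest, and one declaring <all_urls>.
const threadManifest = {
  name: 'myExtension', manifest_version: 2, permissions: ['tabs'],
};
const broadManifest = {
  name: 'sample', manifest_version: 2,
  permissions: ['tabs', '<all_urls>', '*://*/*'],
};

console.log(auditFileAccess(threadManifest, true));
console.log(auditFileAccess(broadManifest, false));
console.log(auditFileAccess(broadManifest, true));
```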
