Using iframe and sharing info via get method
68 views
Skip to first unread message
Adnan Toky
Jul 3, 2023, 6:02:54 AM7/3/23
to Chromium Extensions
I'm working on an extension that opens an iframe on a button click next to the youtube video with a src of "https://example.com/videoId" where the videoId is the youtube video id the user is watching. The iframe renders some info about the video content. The website uses firebase authentication and firestore database. The only info shared between the website and extension is the video id. Does this violet any policy of chrome web store? Is it ok to share the video id via url instead of using a post method?
Oliver Dunk
Jul 3, 2023, 6:18:00 AM7/3/23
to Adnan Toky, Chromium Extensions
Hi Adnan,
While we can't say for sure without seeing the implementation, that sounds fine to me.
The two policies I'd be most concerned about are:
- Remote hosted code restrictions given you are using an iframe: https://developer.chrome.com/docs/webstore/program-policies/mv3-requirements/. These would only matter if your iframe had a lot of power, though. Given it is only getting a fairly non-sensitive piece of information and it doesn't sound like it is doing much communication back to the extension, this seems fine.
- Disclosure requirements: https://developer.chrome.com/docs/webstore/program-policies/disclosure-requirements/. I trust that you're going to make it clear how the extension works to users, though.
As a note, the Side Panel may be a great option for this: https://developer.chrome.com/docs/extensions/reference/sidePanel/
Hope that helps!
On Mon, Jul 3, 2023 at 11:03 AM Adnan Toky <adnant...@gmail.com> wrote:
I'm working on an extension that opens an iframe on a button click next to the youtube video with a src of "https://example.com/videoId" where the videoId is the youtube video id the user is watching. The iframe renders some info about the video content. The website uses firebase authentication and firestore database. The only info shared between the website and extension is the video id. Does this violet any policy of chrome web store? Is it ok to share the video id via url instead of using a post method?
--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/46ca2b7d-1cbf-45e1-9f2c-9382b24d7865n%40chromium.org.
Adnan Toky
Jul 3, 2023, 6:50:40 AM7/3/23
to Chromium Extensions, Oliver Dunk, Chromium Extensions, Adnan Toky
Thanks for your reply. One more thing I'd like to ask about. On the privacy practices section of the extension dashboard, I'm asked whether I'm using remote code or not. What should be the answer for the above scenario where an external website a loaded through iframe?
Oliver Dunk
Jul 3, 2023, 7:00:05 AM7/3/23
to Adnan Toky, Chromium Extensions
I think you should be fine saying no, but you could also say yes and provide an explanation that it is just an iframe :)
Reply all
Reply to author
Forward
0 new messages