CWS policy: Is a javascript string allowed in a data: URL?
188 views
Skip to first unread message
Ottis
Jul 31, 2025, 5:39:24 PM7/31/25
to Chromium Extensions
Hi all,
In my Chrome extension, I would like to be able to use chrome.tabs.create to open a tab with a "data:" URL that would look similar to this:
data:text/html, <html><script>console.log('hello world');</script></html>
Is this allowed under the CWS policy?
If it is allowed, am I likely to have my extension incorrectly flagged or banned for doing this? I'm worried this might get me in trouble with automated systems that look for javascript code in strings.
The rationale is that chrome extension pages, which would have URLs of the form "chrome-extension://<extensionId>/", are not allowed to load in incognito windows (even if the extension has been granted the ability to run in incognito windows).
I'd try and use chrome.scripting to inject a script, but I don't think that works with data URLs.
Thanks
data:text/html, <html><script>console.log('hello world');</script></html>
Is this allowed under the CWS policy?
If it is allowed, am I likely to have my extension incorrectly flagged or banned for doing this? I'm worried this might get me in trouble with automated systems that look for javascript code in strings.
The rationale is that chrome extension pages, which would have URLs of the form "chrome-extension://<extensionId>/", are not allowed to load in incognito windows (even if the extension has been granted the ability to run in incognito windows).
I'd try and use chrome.scripting to inject a script, but I don't think that works with data URLs.
Thanks
Oliver Dunk
Aug 1, 2025, 12:07:05 PM8/1/25
to Ottis, Chromium Extensions
Hi Ottis,
Without knowing more about the specific use cases for your extension, it's hard to say anything for certain here. Our policy focuses on us being able to understand the functionality and full capabilities of your extension.
We don't have any automation that would immediately ban an implementation like this, and for accidental violations of the remote hosted code policy you will usually be given time to make required changes.
This said, using that approach to run code especially if the user has not enabled the extension in incognito could be a concern. Ultimately I think you need to think more about the spirit of the policy here. If you're building a bookmark extension and you want to open a bookmark the user has which is a javascript URL, you are probably fine. At the other extreme, using it to unexpectedly run code in incognito that the user isn't expecting would almost certainly be a violation.
I hope that's helpful.
--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/a7718aed-32a9-470f-bcd4-c43810c1c3b3n%40chromium.org.
Oliver Dunk
Aug 3, 2025, 8:12:00 AM8/3/25
to Zakiur Rahman, Chromium Extensions, Ottis
Hi Zakiur,
Unfortunately, your question is out of scope for this mailing list. I'd encourage you to ask your question here: https://support.google.com/chrome/community
Thanks,
On Sun, Aug 3, 2025 at 7:00 AM Zakiur Rahman <zaki...@gmail.com> wrote:
Dear Google Support Team, I'm encountering an ongoing issue with Chrome that's affecting the availability of all extensions. Each time I launch Chrome, I receive the following error message: “Failed to load extension from: C:\ProgramData\Direct\swapper. Manifest file is missing or unreadable.” This began after I installed third-party software, which I have since uninstalled using Revo Uninstaller. Despite reinstalling Chrome and clearing leftover traces, the issue remains. I’ve also noticed: • No extension icons are visible in the toolbar. • The “Extensions” option is missing in the menu. • chrome://extensions shows no entries. I’ve attached screenshots showing both the error dialog and the absence of extensions. Kindly advise how I can fully reset Chrome’s extension settings or resolve this issue. I suspect a residual configuration or registry entry may be causing the problem.
Zakiur Rahman
Aug 4, 2025, 3:52:24 AM8/4/25
to Chromium Extensions, Oliver Dunk, Chromium Extensions, Ottis
Dear Google Support Team, I'm encountering an ongoing issue with Chrome that's affecting the availability of all extensions. Each time I launch Chrome, I receive the following error message: “Failed to load extension from: C:\ProgramData\Direct\swapper. Manifest file is missing or unreadable.” This began after I installed third-party software, which I have since uninstalled using Revo Uninstaller. Despite reinstalling Chrome and clearing leftover traces, the issue remains. I’ve also noticed: • No extension icons are visible in the toolbar. • The “Extensions” option is missing in the menu. • chrome://extensions shows no entries. I’ve attached screenshots showing both the error dialog and the absence of extensions. Kindly advise how I can fully reset Chrome’s extension settings or resolve this issue. I suspect a residual configuration or registry entry may be causing the problem.
On Friday, August 1, 2025 at 10:07:05 PM UTC+6 Oliver Dunk wrote:
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.
Reply all
Reply to author
Forward
0 new messages