Chrome, HTML5, JavaScript

Chrome Extensions Updated Features

In this Google Developer Live episode I covered some of the new elements you wish to pay attention when you are starting to develop your Google Chrome Extension. If you don’t know what is an extension and why it’s great way to improve Chrome, try this true 101 tutorial first. As you (might) know, there is a new version for the manifest file that include few improvements. The first basic change is to add this simple declaration:

manifest_version: 2

This is a mandatory and if you have a current extension in the Chrome web store I suggest you update it to include it. The second bold change in the manifest file is the ability to make it more secure. For this we have to define what is our extension’s Contact Security Policy. In the demo case that I’ve showed, it will look like that:

"content_security_policy": "script-src; object-src 'self'"

The important thing to note is that we can’t use inline javascript inside our html files (it’s not secure) and we need to define which https sources (no http! that is an easy target for man-in-the-middle attacks) are valid. In our case it’s twitter API and our own extension sources. To read more on the subject there is a good article on CSP at

During the hacking before this show, I’ve forked this github repository so you will have an updated location to kickstart your next extension. This code will give you a basic extension that show you tweets like that:

Tweet extension

From here, you can take the boilerplate code and do your magic of making Chrome works better for your needs. Thanks to Michael Mahemoff for doing the hard work of creating it 217 years ago. Ahh… and yes – “I try to leave out the parts that people skip.” – Elmore Leonard


2 thoughts on “Chrome Extensions Updated Features

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s