Summary of Message passing  |  Extensions  |  Chrome for Developers

  • developer.chrome.com
  • Article
  • Summarized Content

    Introduction to Messaging in Chrome Extensions

    Chrome extensions often need a way for their components (content scripts, service workers, and web pages) to communicate with each other. The messaging feature in chrome extensions enables this communication through message passing, allowing both extensions and content scripts to listen for and respond to messages on the same channel.

    • Messages can contain any valid JSON object (null, boolean, number, string, array, or object).
    • There are two messaging APIs: one for one-time requests and another for long-lived connections that allow multiple messages to be sent.
    • Cross-extension messaging allows extensions to expose a public API for other extensions to use.

    One-time Requests in Chrome Extensions

    To send a single message to another part of a chrome extension and optionally receive a response, use the runtime.sendMessage() or tabs.sendMessage() methods. These methods allow sending a one-time JSON-serializable message from a content script to the extension or vice versa.

    • Use a promise or a callback (for backward compatibility) to handle the response.
    • If using callbacks, sendResponse() is only valid if used synchronously or if the event handler returns true for an asynchronous response.

    Long-lived Connections in Chrome Extensions

    To create a reusable long-lived message passing channel, call runtime.connect() or tabs.connect(). Each end is assigned a runtime.Port object for sending and receiving messages through that connection.

    • Use the port.postMessage() method to send messages through the connection.
    • Listen for incoming connections using the runtime.onConnect event listener.
    • Monitor the runtime.Port.onDisconnect event to handle connection closures.

    Cross-extension Messaging in Chrome Extensions

    Chrome extensions can communicate with other extensions using the messaging API, allowing them to expose a public API. Use the runtime.onMessageExternal and runtime.onConnectExternal methods to listen for incoming requests and connections from other extensions.

    • To send a message to another extension, pass the extension ID using runtime.sendMessage() or runtime.connect().
    • Specify which websites can communicate with your extension using the "externally_connectable" manifest key.
    • Listen for messages from web pages using the runtime.onMessageExternal or runtime.onConnectExternal APIs.

    Native Messaging in Chrome Extensions

    Chrome extensions can exchange messages with native applications registered as a native messaging host. This allows extensions to communicate with native applications running on the user's system.

    Security Considerations for Chrome Extensions Messaging

    When dealing with messaging in chrome extensions, it's important to consider the following security aspects:

    • Content scripts are less trustworthy than the extension service worker, as they can be compromised by a malicious web page. Validate and sanitize all input from content scripts.
    • Protect your scripts against cross-site scripting (XSS) by avoiding interpreting untrusted data as HTML or using it in a way that could allow unexpected code to run.
    • Use safer methods like JSON.parse() and innerText instead of eval() and innerHTML to avoid XSS vulnerabilities.

    Discover content by category

    Ask anything...

    Sign Up Free to ask questions about anything you want to learn.