(claude.com)

1. codegladiator ◴[21 Dec 25 06:06 UTC] No.46342648[source]▶

How did chrome webstore team approve use of eval/new function in chrome plugin ? Isn't that against their tos ?

  Execute JavaScript code in the context of the current page

replies(3): >>46342661 #>>46344105 #>>46346913 #

2. anamexis ◴[21 Dec 25 06:08 UTC] No.46342661[source]▶

>>46342648 (TP) #

Doesn’t basically every Chrome extension execute JavaScript in the context of the page?

replies(1): >>46342672 #

3. codegladiator ◴[21 Dec 25 06:10 UTC] No.46342672[source]▶

>>46342661 #

That's the javascript included in the plugin crx. This is about code retrieved over API being executed (so that code being run cannot be approved by chrome webstore team)

4. miki_oomiri ◴[21 Dec 25 11:38 UTC] No.46344105[source]▶

>>46342648 (TP) #

I don't think they mean executing locally JS code generated server-side.

replies(1): >>46344214 #

5. codegladiator ◴[21 Dec 25 12:05 UTC] No.46344214[source]▶

>>46344105 #

Its a "tool call" definition in their code named 'execute_javascript', which takes in a "code" parameter and executes it. The code here being provided by the LLM which is not sitting locally. So that code is not present "in the plugin binary" at the time when chrome store team is reviewing it.

replies(1): >>46344534 #

6. miki_oomiri ◴[21 Dec 25 13:00 UTC] No.46344534{3}[source]▶

>>46344214 #

I'd very curious to know how they managed to deal with this then. There's always the option of embedding quickjs-vm within the addon (as a wasm module), but that would not allow the executed code to access the document.

7. SquareWheel ◴[21 Dec 25 18:22 UTC] No.46346913[source]▶

>>46342648 (TP) #

Not having looked at the extension, I would assume they use the chrome.scripting API in MV3.

https://developer.chrome.com/docs/extensions/reference/api/s...

https://developer.chrome.com/blog/crx-scripting-api

↑

Claude in Chrome