Extension Content Verification flag in Chrome dev breaks uBlock

[gorhill]

[Oiriginal entry on gorhill/httpswitchboard#390]

uBlock is marked as "potentially corrupted by malware".

Edit (currently most likely explanation I see): I see a new bug has been opened yesterday re. Extension Content Verification: Content verification handles 0-length files incorrectly... Both uBlock and HTTPSB ship with an empty file in assets/user/, so maybe this is what is causing a false positive for uBlock and HTTPSB?

[What follow is what I thought was best explanation before I found the issue above.]

Originally I thought it was caused by the use of window.webkitRequestFileSystem (issue #89), but the problem still persist after moving away from this API. (It was a good change anyway, chrome.storage.local is way simpler to use).

Associated Chromium issue: http://code.google.com/p/chromium/issues/detail?id=389879.

The best explanation so far is comment #8:

maybe there's detection of URLs included in the malware blacklists you ship?

If so, that would mean many extensions dedicated to privacy and/or security would no longer work if installed from the Chrome store (and other stores I believe since this is a Chromium "feature").

Reportedly ABP, HTTP Everywhere are also affected by this, and I guess whatever extension which happens to use download and save locally lists which may contain occurrences of whatever string is causing Chrome to mark the extension as "potentially corrupted" and to disable it.

To make matter worst, to actually confirm that this is what breaks uBlock in the dev version, I would need to publish a new version without these lists, since the "verification" is done only for extensions installed from the store -- this does not happen when I install manually.

[gorhill]

Fixed with 6b9c654