I want to write a chrome extension that would automatically (without user interaction) read and upload a file from the local storage based on some event. I understand this is not directly possible because of the security model of the web and browsers.
After researching online I found that this can be achieved through an NPAPI plugin. From what I understand, I can write a chrome extension that will interact (via NPRuntime API) to the NPAPI plugin and request for a file to be uploaded. The plugin would retrieve the file and respond with the file data.
Question 1: Is the architecture conceived above a reasonable/efficient way of achieving my task?
If so, then my concern is on the security of this method.
Question 2: Since my plugin would be reading (and maybe writing) stuff from (and to) local storage, how would I code it in a secure manner so that it's not misused by other malicious sites/extensions? My plugin should work only with my extension and not with any other site/extensions. How would I achieve this? In other words, what kind of measures should I take to secure the interactions between my chrome extension and NAAPI plugin so that there is no room for malicious attacks?
