Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Using RRWeb in chrome extension results in obfuscated code #1578

Open
1 task done
nuwansamaware opened this issue Oct 2, 2024 · 8 comments
Open
1 task done
Labels
bug Something isn't working

Comments

@nuwansamaware
Copy link

Preflight Checklist

  • I have searched the issue tracker for a bug report that matches the one I want to file, without success.

What package is this bug report for?

rrweb

Version

2.0.0-alpha.14

Expected Behavior

I am using rrweb in my chrome extension, and I am not using any minification compiling my extension. However, the output js contains following coming from rrweb usage:
const encodedJs = "KGZ1bmN0aW9uKCkgewogICJ1c2Ugc3RyaWN0IjsKIC

This is causing chrome web store to reject my extension - which says there cannot be obfuscated code. Any idea how I can resolve this and use rrweb in my extension.

I have attached the decoded version of the code that the above encodedJs refers to.
decoded_bitmap.txt

Actual Behavior

When compiled, not to have obfuscated portions of code.

Steps to Reproduce

Include rrweb in extension.
Compile.
Check the output code

Testcase Gist URL

No response

Additional Information

No response

@nuwansamaware nuwansamaware added the bug Something isn't working label Oct 2, 2024
@pauldambra
Copy link
Contributor

+1 numerous reports of this from folk too
we spoke to google dev rel, and it's not a thing they can/will ignore

@ebloom19
Copy link

ebloom19 commented Oct 28, 2024

Hey guys I am not sure if this helps at all but I also use Sentry in my Chrome Extension and their "Replay" feature (which also uses the rrweb package) seems to work fine in my extension without google flagging it for obfuscated code.

They seem to be using their own forked version I think?

Check out the packages they use:
https://github.com/getsentry/sentry/blob/ef56dcdb29f0ec074fc68acc865cf168c5d043af/package.json#L57

This is the rrweb npm package they seem to be using:
@sentry-internal/rrweb
https://www.npmjs.com/package/@sentry-internal/rrweb

This is their own forked version of rrweb:
https://github.com/getsentry/rrweb

https://blog.sentry.io/sentry-bundle-size-how-we-reduced-replay-sdk-by-35/

Possibly there could be something there that may help with Posthog's solution?

@pauldambra
Copy link
Contributor

Hey @ebloom19,

Sentry by default don't include the canvas recording code in their forked build. My guess is that if you included the Sentry canvas recording integration and used Sentry's replay then Google would block that too - assuming they're including the same "obfuscated" rrweb code when canvas replay is enabled

@seawatts
Copy link

seawatts commented Nov 7, 2024

@pauldambra thanks for looking into this and contacting Google. Is there anyway the code would be able to be changed in order for this to get published? Or is there a way to just exclude part of the posthog lib for chrome extensions?

@pauldambra
Copy link
Contributor

hey @seawatts

i appreciate this seems slow to resolve it's unfortunately a pretty fiddly set of changes

it's not possible to run session replay without the canvas recording code at the moment. we are making changes to accommodate this but unfortunately it's such an underlying component that we need to go slowly

@seawatts
Copy link

seawatts commented Nov 7, 2024

Thanks @pauldambra for the prompt response. I'll be submitting my extension without this for now. I'll keep an eye out for changes.

@nuwansamaware
Copy link
Author

I am using rrweb in my extension: TestChimp: https://chromewebstore.google.com/detail/testchimp-create-api-auto/ailhophdeloancmhdklbbkobcbbnbglm.

How I resolved: After running npx webpack, I manually copy paste the un-encoded code equivalent to the encoded portion.

Attached is the code that needs to be replaced and the replacement code.
code_to_replace.txt
replacement-code.txt

@seawatts
Copy link

Thanks @nuwansamaware That looks like it's a viable solution. However that doesn't seem to be the same code that I'm seeing that is getting obfuscated. My code starts with KGZ1bmN0aW9uKCkgewogICJ1c2Ugc3RyaWN0IjsKICB2YXIgY2hhcnM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

4 participants