Closed paulirish closed 6 years ago
Hi Paul, thanks for checking it out.
Are there security concerns with using the default chrome profile?
Willing to defer to your authority on this, but using a fresh profile degrades the user experience enough that I'd consider adding a user preference for this (defaulting to using a temp profile).
Hi, the GIF looks cool, but the REPL on macOS is too inconvenient to configure and use in DevTools. DevTools has been configured and is running on port 9222.
Chrome REPL: Connect to Tab
> Are there security concerns with using the default chrome profile?

Yes. All cookies are accessible over the DevTools protocol, so having a discoverable REST and WS endpoint on port 9222 just sitting there means I can definitely probe and connect to any of your browser tabs and steal cookies.
Thanks, definitely a good reason to do this, will get on it.
Would a better approach be to use an extension + native messaging?
You should definitely not reuse the same Chrome profile that someone is already using. I would recommend it should be impossible to use chromerepl without a custom profile dir being set.
You can set `--user-data-dir` to a path that will be used for the profile. You can follow the basic setup in here https://github.com/GoogleChrome/chrome-launcher/blob/f126c3a0ff69f99deb97aa3ebe5c8e92562fcca7/src/utils.ts#L61-L74 it should handle WSL, even.
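
One way to enforce the recommendation in the comment above, as an added example that is not code from this thread, chromerepl, or chrome-launcher: build the launch arguments so the debugging port is only ever opened against a fresh or explicitly chosen profile directory. The names `buildChromeArgs`, `isDefaultProfile` and the `chromerepl-profile-` prefix are hypothetical; the default profile roots listed are the stable-channel Google Chrome locations.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Default Google Chrome (stable) profile roots per platform.
function defaultProfileRoots(home = os.homedir(), env = process.env) {
  const roots = [
    path.join(home, 'Library', 'Application Support', 'Google', 'Chrome'), // macOS
    path.join(home, '.config', 'google-chrome'), // Linux
  ];
  if (env.LOCALAPPDATA) { // Windows
    roots.push(path.join(env.LOCALAPPDATA, 'Google', 'Chrome', 'User Data'));
  }
  return roots.map((p) => path.resolve(p));
}

// True when `dir` is a default profile root or lives inside one.
function isDefaultProfile(dir, roots = defaultProfileRoots()) {
  const resolved = path.resolve(dir);
  return roots.some((root) => {
    const rel = path.relative(root, resolved);
    return rel === '' || (rel.split(path.sep)[0] !== '..' && !path.isAbsolute(rel));
  });
}

// Hypothetical helper: returns Chrome args that never expose the everyday profile.
function buildChromeArgs({ port = 9222, userDataDir } = {}) {
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new RangeError(`invalid debugging port: ${port}`);
  }
  // No directory given: create a throwaway profile under the OS temp dir.
  const profileDir = userDataDir
    ? path.resolve(userDataDir)
    : fs.mkdtempSync(path.join(os.tmpdir(), 'chromerepl-profile-'));
  if (isDefaultProfile(profileDir)) {
    throw new Error(`refusing to expose default Chrome profile: ${profileDir}`);
  }
  fs.mkdirSync(profileDir, { recursive: true, mode: 0o700 });
  return {
    profileDir,
    args: [
      `--remote-debugging-port=${port}`,
      `--user-data-dir=${profileDir}`,
      '--no-first-run',
      '--no-default-browser-check',
    ],
  };
}
```

The returned `args` array can be passed to `child_process.spawn` together with the path to the Chrome binary; a user preference for a persistent profile maps onto `userDataDir`, and is still rejected if it points at the default profile.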