[Final] Building PeerSky’s Extensions System

Tue, 23 Sep 2025 00:00:00 +0000

Hi everyone, I’m Hanzhong Liu. Over the summer I worked on building the peersky://extensions system for PeerSky browser, a decentralized and privacy-first browser built on Electron.

This post is my final GSoC 2025 update — covering how the extensions manager was designed, the security model behind IPC, the UI for managing extensions, and what’s next for PeerSky.

Project Overview

The new extensions system makes PeerSky behave like a modern browser: you can install extensions from the Chrome Web Store or from local files, enable/disable them, update or uninstall, and interact with their toolbar actions through a puzzle-menu UI.

Key Design Goals

Secure preload-based API exposure via contextBridge
Support for preinstalled, Web Store, and local packages
Toolbar integration with pin/unpin support (up to six)
Robust validation: MV3-only, size caps, zip-slip prevention

Highlights

Preinstalled MV3s

PeerSky now ships with three trusted extensions out of the box:

Dark Reader
Linguist (web page translator)
uBlock Origin Lite

They remain installed by default but can be disabled at any time. This ensures users always have a working baseline without needing to browse an extension store.

Electron Integration

Instead of injecting scripts, the system uses preload + IPC. Each operation is routed through validated IPC channels:

listExtensions, installFromWebStore, toggleExtension, etc.
All methods are scoped to peersky://extensions only.
Rate limiting and size caps are enforced per renderer.

This design makes the surface auditable and prevents privilege leaks.

Browser actions appear in a puzzle menu and can be pinned for quick access:

Up to six pins are allowed
Pinned state persists across sessions.
Popups (e.g., for translators or wallets) open in isolated windows, with OAuth flows preserved via popup guards.

Security Highlights

Installs capped at 60 MB, with early rejection on oversized payloads
5 installs/minute per renderer to prevent abuse
ZIP/CRX extraction hardened against path traversal
MV3 required; permissions validated at install with warnings for risky hosts
Web Store installs use Google-signed CRX verification via electron-chrome-web-store

Example: Installing from the Web Store

Adding a new extension is simple:

Paste a Chrome Web Store URL or ID into the install bar.
PeerSky downloads and validates the CRX.
On success, the extension appears in the grid with toggle, update, and remove options.

Reflection

This project was both challenging and rewarding. Designing an extension system meant grappling with security, IPC design, and user experience at the same time. I learned to think carefully about security management, UI/UX positioning, and design APIs that are auditable.

I’m grateful to my mentor Akhilesh Thite and the UC OSPO team for their guidance and feedback. Their support pushed me to make deliberate technical decisions and communicate them clearly.

You can explore the project here: https://github.com/p2plabsxyz/peersky-browser

[MidTerm] Building PeerSky’s Settings System

Thu, 24 Jul 2025 00:00:00 +0000

Hi everyone, I’m Hanzhong Liu. My project focuses on building a secure and extensible peersky://settings system for the PeerSky browser, a decentralized and privacy-first browser built on Electron.

This post is a midterm check-in covering what’s been implemented so far — from IPC architecture to real-time theme and wallpaper updates — and a preview of what’s coming next.

Project Overview

Peersky’s new settings system is designed to unify browser preferences (themes, search engine, appearance, extensions, etc.) into a single modular interface. It’s accessible via a protocol route (peersky://settings) and built using web-standard HTML/CSS, scoped APIs, and Electron’s context isolation model.

Key Design Goals:

Secure preload-based API exposure via contextBridge
Fast access to user preferences with zero-flicker wallpaper updates
Extensibility for bookmarks, future plugins, and privacy tools

Midterm Progress Highlights

Electron Integration

Rather than using webFrame.executeJavaScript(), I implemented preload-scoped APIs using contextBridge and ipcRenderer to prevent injection vulnerabilities and ensure synchronous availability during early page load. Each internal protocol (settings, home, bookmarks) is granted its own API access level.

Code: src/pages/unified-preload.js

Modular Settings Page

The UI lives in a single HTML file with sidebar-based navigation (Appearance, Search, Bookmarks, Extensions). Each section updates independently using event-driven IPC and live sync.

Wallpaper & Theme Switching

Supports both built-in wallpapers and custom uploads
Background applies instantly using sendSync() during preload
Themes (light, dark, system) are controlled using root-level CSS variables and real-time IPC events

Cache & Search Engine

Added IPC handler to clear both Electron session and P2P cache directories (ipfs/, hyper/)
Settings API allows switching between DuckDuckGo, Ecosia, and Startpage via dropdown

Example: Adding a New Setting (`autoSave`)

I also documented how developers can add new settings like autoSave using:

settings-manager.js for default values and validation
Preload event listeners (onAutoSaveChanged)
UI toggles and save logic in settings.js

Documentation link: Settings Guide

Reflection

I’m really thankful for the mentorship I’ve received from Akhilesh Thite. His guidance has been the perfect balance of autonomy and support. He challenged me to reason clearly about technical choices, especially when I thought some of them are minor and not worthing paying attention to. His feedback helped me write cleaner, better-scoped code. This project has helped me grow as a software engineer in ways I didn’t fully anticipate, but I’ve enjoyed it so so much.

You can explore the project here:
https://github.com/p2plabsxyz/peersky-browser

Peersky | UCSC OSPO

[Final] Building PeerSky’s Extensions System

Project Overview

Key Design Goals

Highlights

Preinstalled MV3s

Electron Integration

Toolbar & Puzzle Menu

Security Highlights

Example: Installing from the Web Store

Reflection

[MidTerm] Building PeerSky’s Settings System

Project Overview

Key Design Goals:

Midterm Progress Highlights

Electron Integration

Modular Settings Page

Wallpaper & Theme Switching

Cache & Search Engine

Example: Adding a New Setting (autoSave)

Reflection

Example: Adding a New Setting (`autoSave`)