Json Formatter

Name: Security Analysis: Json Formatter
Item: Json Formatter
Rating: 5
Author: ChromeBoard

🔍 Security Report Available

👥 2M+ users

📦 v0.9.4

💾 37.42KiB

📅 2026-02-19

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

Automatically prettifies any JSON response opened in a browser tab.

FEATURES:

🏎️ **Fast**, even on very long JSON pages
🌗 Dark mode support
🎨 Syntax highlighting
📎 Code folding and indent guides
🔗 Clickable URLs
🔌 Raw/Parsed toggler

Pro tips:
🪄 Hold down Ctrl (or ⌘ on Mac) when clicking to fold/unfold all adjacent siblings
🪄 Open the Dev Tools console and type `json` if you want to explore the parsed JSON

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

✅ Version v0.10.0 was recently scanned.

v0.10.0 Info Scanned Mar 7, 2026

Security Analysis — Json Formatter

Analyzed v0.10.0 · Mar 7, 2026 · 4 JS files · 182 KB scanned

Permissions

Code Patterns Detected

External Connections

cdn.givefreely.com geoip.maxmind.com shop.app

Package Contents 11 files · 204KB

▾📁_locales

▾📁en

{}messages.json350B

▾📁_metadata2KB

{}verified_contents.json2KB

▾📁content93KB

📜console.js1KB

📜core.js92KBlarge

▾📁icons11KB

🖼128.png10KB

🖼32.png1KB

▾📁options21KB

🎨options.css6KB

🌐options.html1KB

📜options.js14KB

▾📁worker75KB

📜worker.js75KBlarge

{}manifest.json1KB

What This Extension Does

The Json Formatter extension makes JSON data easy to read and explore, solving a common problem for developers and users. It's designed to work with long JSON pages, providing features like syntax highlighting, code folding, and clickable URLs.

Permissions Explained

storageexpected: This permission allows the extension to store data locally on your device.
Technical: The extension uses the chrome.storage API to access and modify browser storage. This could potentially allow unauthorized access or modification of sensitive user data if compromised.
unlimitedStoragecheck this: This permission allows the extension to store an unlimited amount of data locally on your device.
Technical: The extension uses the chrome.storage API with the 'unlimited' scope, which could potentially lead to storage exhaustion or unauthorized access if compromised. ⚠ 1
webRequestcheck this: This permission allows the extension to intercept and modify web requests.
Technical: The extension uses the chrome.webRequest API, which grants access to all URLs. This could potentially allow unauthorized modification of sensitive user data or eavesdropping if compromised. ⚠ 1
*://*/*check this: This permission allows the extension to intercept and modify web requests for all URLs.
Technical: The extension uses a wildcard pattern to match all URLs, granting access to sensitive user data. This is considered a critical risk if compromised. ⚠ 1
<all_urls>check this: This permission allows the extension to intercept and modify web requests for all URLs, including those with sensitive information.
Technical: The extension uses a wildcard pattern to match all URLs, granting access to sensitive user data. This is considered a critical risk if compromised. ⚠ 1

Your Data

The extension accesses browser storage and sends data to cdn.givefreely.com, geoip.maxmind.com, and shop.app. It also uses the Fetch API to make requests.

Technical Details

The extension contacts the following domains: cdn.givefreely.com, geoip.maxmind.com, and shop.app. It uses the HTTP protocol for all requests. The extension reads and writes browser storage using the chrome.storage API.

Code Findings

innerHTML assignmentMedium

The extension assigns innerHTML to an element, which could potentially lead to a cross-site scripting (XSS) vulnerability if compromised.

Technical: The extension uses the element.innerHTML property to assign user-input data. This is a potential XSS vector if not properly sanitized.

💡 This pattern is commonly used in legitimate extensions for rendering HTML content.

Uses Fetch APIInfo

The extension uses the Fetch API to make requests, which is a common and safe practice.

Technical: The extension uses the fetch function to make HTTP requests. This is a legitimate use of the Fetch API.

💡 1

Reads browser storageMedium

The extension reads data from browser storage, which could potentially allow unauthorized access if compromised.

Technical: The extension uses the chrome.storage API to read data from browser storage. This grants access to sensitive user data.

💡 1

Writes to browser storageMedium

The extension writes data to browser storage, which could potentially allow unauthorized modification if compromised.

Technical: The extension uses the chrome.storage API to write data to browser storage. This grants access to sensitive user data.

💡 1

Removes from browser storageMedium

The extension removes data from browser storage, which could potentially allow unauthorized deletion if compromised.

Technical: The extension uses the chrome.storage API to remove data from browser storage. This grants access to sensitive user data.

💡 1

Potential hardcoded secretMedium

The extension may contain a hardcoded secret, which could potentially allow unauthorized access if compromised.

Technical: The extension contains a hardcoded API key. This is a potential security risk if not properly secured.

💡 1

Sets up event listenersInfo

The extension sets up event listeners, which is a common and safe practice.

Technical: The extension uses the addEventListener method to set up event listeners. This is a legitimate use of the API.

💡 1

Bottom Line

Based on our analysis, we recommend exercising caution when using this extension due to its potential for data exposure and unauthorized access. While it provides useful features, the extension's permissions and code behavior raise some concerns that should be addressed by the developer.