Do/Can browser extensions run within C3?

Just ran into a possible issue. I'm creating a HTML5 based game. A similar pure HTML game had a issues with people creating Chrome extensions that allowed them to bot the game.

The question is, do things like Chrome Extensions run inside the C3 environment and can they be accessed while C3 is running?

If so, is there any way to detect which ones are?

Its possible, but the runtime is pretty hard to deconstruct, especially if it's minified.

If you're worried about it take a look at possible points of entry like variables, or ajax calls.

The Binary Data plug could offer some obfuscation, and there is an encryption plug in the repository.

Browser extensions can run on any page and do pretty much anything. They've proven a pain for the Construct editor itself, since they often break things too. There's not a lot you can do about it, other than add some basic anti-automation features.

Thanks guys. Forewarned is forearmed. It's not good news. It seems I'll have to give the server a bit more authority about how quickly transactions can be processed. Proves my adage though: Writing software is easy. Making it idiot proof, next to impossible.

As with any kind of game you should adopt the approach that the client is not trusted and could be hacked to any extent. All restrictions must be implemented on the server side only for them to be meaningful.