I need to develop an chrome extension to perform scraping on certain web pages of our customers in the private area of each user once logged on those web pages (all this always under the approval of the user informing him at all times the data that will be obtained). Each of our clients has a different website and the necessary scraping code is different for each of the clients. Every month we get new clients, so we have to develop the necessary scraping script for new clients. In addition, the information obtained from scraping will be sent by the extension to our REST web service for storage in a database.
To avoid having to generate a new version of the extension every time we develop the scraping script of the new clients, I had thought of developing a web service of type REST that the extension would initially consult, and that would return the URLs of all the clients, along with all the scripts associated with each client. In this way, we would only make a version of the extension and the scraping script would store it in a database and return it to the extension through the web service indicated above and the extension would inject it as a content script using the chrome.tabs.executeScript() method. Once the scraping is done, the result would be sent by the extension to the corresponding web service.
Would the architecture that I have commented be feasible in terms of security? If it is not, what options do I have? This project is very important for my company and I have to look for the right options.
Is there a problem with sending the information obtained by scraping to our external server for storage?
I am very worried about all this, can someone help me?
Thank you very much in advance.