In doing research on "Chrome Extensions Security" most of the results are about the extensions themselves being threats (malware, etc.).
If I write an extension to be used with my web application, what are the security threats against the extension (not from the extension)? Is the extension secure against malicious attacks? Can the code running in the extension be compromised?
It is interesting that there is not a "Security" section in the Chrome Extensions documentation nor is the word "security" mentioned in the Chrome Extensions FAQs.
This video from December of 2009 answers one of my major concerns: Google Chrome Extensions: Content Scripts and Isolated Worlds
Aaron Boodman, an engineer at Google, presents content scripts, one of the features of Google Chrome's extension system, as well as the concept of isolated worlds (keeping content scripts isolated from each other and from the pages they are running on).
Good quote from the video: "Since no JavaScript objects are shared between 'Isolated Worlds', it is not possible for web page JavaScript to use the shared DOM to break out of the normal web page sandbox and somehow get access to the content script or its APIs."
Good image from the video: Isolated Worlds
If you have any other good references on Chrome Extensions Security, please post in a comment to this question. Thx.
Related
The article from here shows a method for websites to determine whether a user has a particular extension installed, if "web_accessible_resources" (in case of Chrome) allows this. My question is why do browsers not filter these requests themselves? The only use case I came up with was to fingerprint the user.
The author of an extension lists such accessible resources in its manifest.json intentionally. This is a feature used by extensions to add a UI or a font/image to the web page(s) and so on.
Fingerprinting is possible only due to a poor implementation in Chrome (and Chromium-based browsers), which will be eventually fixed in ManifestV3 so extensions can set use_dynamic_url.
Firefox WebExtensions aren't affected because Firefox uses a unique per-machine UUID, more info.
I want to build a task-specific web browser. For example, when the user uses that browser, the program should give options like these:
What is your interest today? Please select from the following:
computer science
data science
web development
psychology
biology
social media
etc.
After the user selects their interest, the browser should allow the user to search or study only those selected content types, so the user cannot get diverted from their task. The purpose of this browser is to avoid time-wasting. Because whenever someone tries to study or do some professional work, they get diverted by opening social media tabs and movies.
Which programming language will be suitable for making this browser?
You could do this by making a custom version of an existing browser, as guest271314 suggested, but that would require far more effort than necessary. All you need to make is a browser extension, such as a Firefox Add-on or a Chrome Extension. Browser extensions are usually written with JavaScript, HTML, and CSS. Each browser needs to have an extension made individually, but you can usually share a lot of the code between them. Read the linked documentation for help creating an extension for each browser.
There are already existing browser extensions like you describe that prevent you from visiting sites that you put on a list ahead of time, such as StayFocusd and WasteNoTime. Maybe you just want to use one of those extensions instead of writing a new one.
What technologies are used to power Quake Live?
Specifically, how do you create a web application that makes such extensive use of 3D in the browser? The service requires you to download and install a plug-in in order to play. How do you create such a plug-in, and how does it interact with the web site?
Browser programs are very simply, programs. They are given an interface to interact with the browser, but beyond that, they can do anything a normal native application can do, like use DirectX or OpenGL.
Internet Explorer registers plugins using ActiveX. Firefox, Chrome, Safari and most other browsers use Netscape's NSPlugin API.
The MDC has plenty of documentation on writing plugins for Firefox.
There is also a question on SO about writing plugins for IE.
I am a web developer looking to build a browser extension. What is the best way to build browser extensions using web technologies (HTML, Javsacript, etc). We are targeting IE and Firefox only. Can IE browser toolbars be created using HTML/Javascript?
There is a bit of confusion here. Your question title says you are looking to develop a "Browser Toolbar", but in the question body itself you are asking about "Browser Extensions".
Its important to understand that in general Browser Toolbars are a subset of a Browser Extension. If you are indeed looking though to develop a Cross Browser Extension and not a toolbar I would really recommend the use of Crossrider - a development framework for cross-browser extensions.
They do not allow you develop toolbars, but they do have an online IDE and an extensive API to build cross-browser extensions for Internet Explorer, Chrome, Firefox and Safari with basic knowledge of JavaScript and jQuery.
Have a look at this article where they discuss using HTML and Javascript to build an extension for firefox.
I've been utlising a "web browser control" in desktop based applications (in my case Windows Forms .NET) for a number of years. I mostly use it to create a familiar flow-based user interface that also allows a seamless transition to the internet where required.
I'm really tired of the IE browser control because of the poor quality html it generates on output. Also, I guess that it is really just IE7 behind the scenes and so has many of that browser "issues". Despite this, it is quite a powerful control and provides rich interaction with your desktop app.
So, what other alternatives to the IE browser control are there? I looked at a Mosaic equivalent a year ago but was disappointed with the number of unimplemented features, maybe this has improved recently?
hmm..Interestingly
Mozilla seems to provide ActiveX control
K-Melon is another Gecko based browser control
Popular layout engines:
Mozilla Gecko
KHTML
WebKit (based on KHTML)
Though I'm not sure how easy it is to embed those in a .Net app.