restrict chrome extension from reading/modifying certain pages - google-chrome-extension

Is there a way to restrict (some) chrome extensions from some pages? i.e to prevent them from reading the content or modifying the pages which might have personal or sensitive data. I realize that this might not be the right forum to ask this but I don't know where else to ask this question.
I don't have any chrome development experience but I am willing to work on this, I just don't know the right approach or if it is even possible with current API.

Related

Develop a task-specific web browser

I want to build a task-specific web browser. For example, when the user uses that browser, the program should give options like these:
What is your interest today? Please select from the following:
computer science
data science
web development
psychology
biology
social media
etc.
After the user selects their interest, the browser should allow the user to search or study only those selected content types, so the user cannot get diverted from their task. The purpose of this browser is to avoid time-wasting. Because whenever someone tries to study or do some professional work, they get diverted by opening social media tabs and movies.
Which programming language will be suitable for making this browser?
You could do this by making a custom version of an existing browser, as guest271314 suggested, but that would require far more effort than necessary. All you need to make is a browser extension, such as a Firefox Add-on or a Chrome Extension. Browser extensions are usually written with JavaScript, HTML, and CSS. Each browser needs to have an extension made individually, but you can usually share a lot of the code between them. Read the linked documentation for help creating an extension for each browser.
There are already existing browser extensions like you describe that prevent you from visiting sites that you put on a list ahead of time, such as StayFocusd and WasteNoTime. Maybe you just want to use one of those extensions instead of writing a new one.

Why do user agents / browsers lie

I have read several articles on feature detection and that it is more reliable than browser detection because browsers lie.
I couldn't find any information on why they lie. Does anyone know the reason why they would do that?
As far as I understand it, Webmasters do browser sniffing to find the capabilities of a browser and limit what they send to the browser. If a browser lies about it's capabilities they will receive more from the webmaster, you can read more:
http://farukat.es/journal/2011/02/499-lest-we-forget-or-how-i-learned-whats-so-bad-about-browser-sniffing
http://webaim.org/blog/user-agent-string-history/
The reason is simple:
Because web sites look at the user agent string and make assumptions about the browser, which are then invalid when the browser is updated to a new version.
This has been going on almost since the begining of the web. Browser vendors don't want their new versions to break the web, so they tweak the UA string to fool the code on existing sites.
Ultimately, if everyone used the UA string responsibly and updated their sites whenever new browser versions come out, then browsers wouldn't need to lie. But you have to admit, that's asking quite a lot.
Feature detection works better because when a new browser version comes out with that feature, the detection will pick it up automatically without the either browser needing to do anything special nor the site owner.
Of course, there are times when feature detection doesn't work perfectly -- eg maybe if a feature exists but has bugs in a particular browser. In that case, yes, you may want to do browser detection as a fall-back. But in most cases, feature detection is a much better option.
Another more modern reason is to just avoid demands to install mobile apps (where product owners contol what I can and can't do with content. No thanks!).
Today Reddit started to block viewing subreddits in case they detect a mobile browser in UserAgent so I had to change it just to be able to view content.

Disable chrome extensions for visitors of a certain web-site?

Chrome extensions can interfere with how a site is rendered and/or its behavior. This introduces unnecessary states and potential sources of errors.
So: Is there a way to disable all Chrome extensions for visitors of a certain website?
I dont think such API exists (we are taking about webiste scripts, right?) However you could determine if specific extension installed and update your code accordingly. Check this topic how to do this.
Even better and actual topic if you are fighting with adblock plus ;)
The best way to handle so far is to disable Extension sync in that specific browser.
Steps to follow:
https://superuser.com/questions/528014/how-to-disable-chrome-extensions-without-disabling-them-across-multiple-synced-d
.

For google chrome extension development, is it possible to set a download location?

As the question says, can an extension save files to a user-set location for all future downloads (that differs from the download location set in preferences)?
If so, how would this be done?
Thanks
See this issue for a lengthy discussion on the matter. Per the last qualitative entry on 8.10.2012:
The downloads ui is a very sensitive part of chrome from a security
perspective, so it is unlikely that we will ever be able to allow
extensions to completely replace chrome's downloads ui. We have plans
to allow extensions to extend chrome://downloads in a limited and
safe way, and extensions may add browser action buttons, but
replacing the downloads ui entirely is not likely in the foreseeable
future. Witness the search engine hijacking security issues. With the
--disable-downloads-shelf flag, extensions could suggest that users set that flag.
Please also feel free to write a download manager extension as a
browser action to demonstrate a better ui. If a download manager
extension gains sufficient popularity, we may consider adopting
something like it as chrome's native downloads ui. That's a more
likely way that extensions could replace the ui, but slower and safer.
My guess is that you can't. It would be a security issue if plugins had such abilities.

Always using google chrome frame meta tag for standard compliant page, is good idea?

I was thinking to add meta tag always in all the websites.
That will trigger google chorme frame to load for users who already installed. I can see the benefits but is there any concerns or facts that I should know before I do that?
Testing in google chrome is enough or testing in google chrome frame explicitly required?
Thanks
Note: please do not mention current know problems "print" and "download" issue. I'm sure those will get fixed soon :)
The only argument against chrome frame that I have seen so far is Microsoft's - "Google Chrome Frame running as a plugin has doubled the attach area for malware and malicious scripts."
Also, you may run into problems with frames. If you have chrome frame on your page and someone has that page iframed on their site you may run into some problems. More info:
http://groups.google.com/group/google-chrome-frame/browse_thread/thread/d5ffe442658bc60e/e6d7a4c1c179c931?lnk=gst&q=iframe
You should only need to test in Chrome Frame for (X)HTML, CSS, and JavaScript...basic stuff. If you are using AJAX (while trying not to break the back button), worried about caching, cookies (accessed via javascript), or other potentially browser-specific browser interactions I suggest testing on the IE+CF platform...at least until the CF team announces 100% interoperability between CF and IE.
Check out the CF Google group for more issues.
Are there any concerns or facts you should know? Yes: Not everyone has Google Chrome Frame installed.
You are adding a new user agent that you will need to test and debug against, without removing the need to test and debug the user experience for other browsers (notably plain IE by itself).
If you don't make the IE user experience equivalent to the Google Chrome experience, then you are alienating a significant percentage of users. Depending on your website and its expected users, the impact of this may range from undesirable to unacceptable. If you do make the user experience equivalent, then there is no point in adding the meta tag.

Resources