Chrome extensions can interfere with how a site is rendered and/or its behavior. This introduces unnecessary states and potential sources of errors.
So: Is there a way to disable all Chrome extensions for visitors of a certain website?
I dont think such API exists (we are taking about webiste scripts, right?) However you could determine if specific extension installed and update your code accordingly. Check this topic how to do this.
Even better and actual topic if you are fighting with adblock plus ;)
The best way to handle so far is to disable Extension sync in that specific browser.
Steps to follow:
https://superuser.com/questions/528014/how-to-disable-chrome-extensions-without-disabling-them-across-multiple-synced-d
.
Related
Is there a way to restrict (some) chrome extensions from some pages? i.e to prevent them from reading the content or modifying the pages which might have personal or sensitive data. I realize that this might not be the right forum to ask this but I don't know where else to ask this question.
I don't have any chrome development experience but I am willing to work on this, I just don't know the right approach or if it is even possible with current API.
I have read several articles on feature detection and that it is more reliable than browser detection because browsers lie.
I couldn't find any information on why they lie. Does anyone know the reason why they would do that?
As far as I understand it, Webmasters do browser sniffing to find the capabilities of a browser and limit what they send to the browser. If a browser lies about it's capabilities they will receive more from the webmaster, you can read more:
http://farukat.es/journal/2011/02/499-lest-we-forget-or-how-i-learned-whats-so-bad-about-browser-sniffing
http://webaim.org/blog/user-agent-string-history/
The reason is simple:
Because web sites look at the user agent string and make assumptions about the browser, which are then invalid when the browser is updated to a new version.
This has been going on almost since the begining of the web. Browser vendors don't want their new versions to break the web, so they tweak the UA string to fool the code on existing sites.
Ultimately, if everyone used the UA string responsibly and updated their sites whenever new browser versions come out, then browsers wouldn't need to lie. But you have to admit, that's asking quite a lot.
Feature detection works better because when a new browser version comes out with that feature, the detection will pick it up automatically without the either browser needing to do anything special nor the site owner.
Of course, there are times when feature detection doesn't work perfectly -- eg maybe if a feature exists but has bugs in a particular browser. In that case, yes, you may want to do browser detection as a fall-back. But in most cases, feature detection is a much better option.
Another more modern reason is to just avoid demands to install mobile apps (where product owners contol what I can and can't do with content. No thanks!).
Today Reddit started to block viewing subreddits in case they detect a mobile browser in UserAgent so I had to change it just to be able to view content.
I may be a bit of paranoid when it comes to installing chrome extension that request access to all my tabs and data. While a extension may be safe for the moment, a simple auto background update can make it a malicious virus and you won't even get notified about updates.
I would like to specifically whitelist all my extension to access the content pear webpages bases. Is there any such tool out there already (natively perhaps) before i start hacking my own extension to control it on my own.
That would leave me to my next question. Extension can be a bit secured running sandboxed environment and have no access to the "real" filesystem (not the virtual sandboxed filesystem) but could i write a NaCl plugin and have have full access and change the manifest file to change the content_scripts settings? if so, could you point me in the right direction?
I'm not sure to understand clearly your question, but let's calrify some things about extensions and how they can be dangerous:
First: If an extension updates and want to have new authorisations, Chrome will warn you and you can choose if you want it to be updated
Second: Chrome sandboxes extensions running on your computer
Third: The only authorisation that may represent a real danger for your computer are the ones requesting authorisation to "Access all data on your computer"
.
.
.
If you are really worried that some extensions may represent a danger for you (and I understand you), you can restrict them to run on specific webpages by doing the following:
1. Go to the extensions folders [C:\Users(YOUR USERNAME)\AppData\Local\Google\Chrome\User Data\Default\Extensions(APPID)] and open the manifest.json file with any text editor
2. In "content_scripts" declaration, in "matches", specify sites where the extension will ONLY work on [ex:*://google.com/* will make extension be active ONLY for google.com]
You can even be more precise and set specific URLs/HTML pages (see more: https://developer.chrome.com/extensions/match_patterns)
Hope it helps!
If it doesn't, please clarify your question again.
As the question says, can an extension save files to a user-set location for all future downloads (that differs from the download location set in preferences)?
If so, how would this be done?
Thanks
See this issue for a lengthy discussion on the matter. Per the last qualitative entry on 8.10.2012:
The downloads ui is a very sensitive part of chrome from a security
perspective, so it is unlikely that we will ever be able to allow
extensions to completely replace chrome's downloads ui. We have plans
to allow extensions to extend chrome://downloads in a limited and
safe way, and extensions may add browser action buttons, but
replacing the downloads ui entirely is not likely in the foreseeable
future. Witness the search engine hijacking security issues. With the
--disable-downloads-shelf flag, extensions could suggest that users set that flag.
Please also feel free to write a download manager extension as a
browser action to demonstrate a better ui. If a download manager
extension gains sufficient popularity, we may consider adopting
something like it as chrome's native downloads ui. That's a more
likely way that extensions could replace the ui, but slower and safer.
My guess is that you can't. It would be a security issue if plugins had such abilities.
I was thinking to add meta tag always in all the websites.
That will trigger google chorme frame to load for users who already installed. I can see the benefits but is there any concerns or facts that I should know before I do that?
Testing in google chrome is enough or testing in google chrome frame explicitly required?
Thanks
Note: please do not mention current know problems "print" and "download" issue. I'm sure those will get fixed soon :)
The only argument against chrome frame that I have seen so far is Microsoft's - "Google Chrome Frame running as a plugin has doubled the attach area for malware and malicious scripts."
Also, you may run into problems with frames. If you have chrome frame on your page and someone has that page iframed on their site you may run into some problems. More info:
http://groups.google.com/group/google-chrome-frame/browse_thread/thread/d5ffe442658bc60e/e6d7a4c1c179c931?lnk=gst&q=iframe
You should only need to test in Chrome Frame for (X)HTML, CSS, and JavaScript...basic stuff. If you are using AJAX (while trying not to break the back button), worried about caching, cookies (accessed via javascript), or other potentially browser-specific browser interactions I suggest testing on the IE+CF platform...at least until the CF team announces 100% interoperability between CF and IE.
Check out the CF Google group for more issues.
Are there any concerns or facts you should know? Yes: Not everyone has Google Chrome Frame installed.
You are adding a new user agent that you will need to test and debug against, without removing the need to test and debug the user experience for other browsers (notably plain IE by itself).
If you don't make the IE user experience equivalent to the Google Chrome experience, then you are alienating a significant percentage of users. Depending on your website and its expected users, the impact of this may range from undesirable to unacceptable. If you do make the user experience equivalent, then there is no point in adding the meta tag.