I spent a fair amount of time trying to determine why my view of a site didn't match a clients, after looking at the cache etc. we determined the problem to be with one of the add-ons (Adblock Plus in this particular case). It would have been much simpler if we could have had an easy way to query what add-ons were installed, and ideally active. Is there anyway to generate a list programmatically perhaps with JavaScript?
No, you can't do this with user/page JavaScript. I imagine it would be a security risk, if you could.
But there is an add-on you can install that will generate a printable, copyable list of installed extensions/Add-ons.
Check out: "Extension List Dumper".
You cannot get a complete list just by using Javascript, but some Addons allow a check anyway.
accessing the chrome://-protocol was considered a security risk and
therefore has been disabled. Nonetheless you can still accomplish to detect
an extension with the image-load trick. Why? Because extension
developers may mark their extension as web-accessible setting the
property “contentaccessible=yes” inside the chrome.manifest file of
the extension. This is e.g. the case for the two famous plugins
Firebug and Web Developer Toolbar
source: http://webdevwonders.com/detecting-firefox-add-ons/
Related
I have an Internal web portal (opened only from Chrome) in which I am temporarily hiding few options using Tamper Monkey. So this script would be setup in few internal system only. Is there a way I disable the option in Tamper Monkey where users cannot go disable these script in the Tamper Monkey dashboard? This is being done from an organization level.
Is there a way I put this script directly in to my Web Server?
Below is how we solved the issue.
We created a new Chrome Extension and it uses an User script. So rather than depending on Tamper Monkey, we built our own.
Also when its published in an organization by an Administrator, we can then control the Chrome Extension if it can be disabled or not. Also we can force install of the Extension, when someone disables it.
No. You cannot do that. No userscript can alter any extension nor browser settings.
Nor can even an extension interfere directly with other extensions.
The browser developers are very diligent about blocking all vectors for such attacks that they discover (within reason).
Your best bet is to alter the web portal app to deal with the issue. It should never, ever, trust what is coming from a "browser" anyway (Always verify your app inputs).
If you have inflicted Google Chrome Enterprise on your users, you can force-install extensions that they can't disable. This still wouldn't stop them from being to disable a Tampermonkey script, but you could write a custom extension that does the same thing.
If you have full control of the target machines, and depending on details you haven't provided, you may be able to place the machines in "Kiosk Mode". Although I'm not sure if this would prevent them from clicking Tampermonkey off...
The second best bet is employee training, coaching, and (last-resort) consequences -- if this is a workplace.
Another possibility, if you have money and time to burn, is to fork the Chromium source code and make your own browser.
It is also possible, but almost certainly not cost effective, to place an executable on the user's machines that restricts certain actions. But you'd be a fool, and/or a government, and/or a crook, to attempt such an approach.
I was trying to pack an little extension i made, but chrome keeps removing it as it may have been "installed without my consent". Is there any way to stop this? Thanks!
Note: This is not a duplicate from this question , as my extension is not yet in the chrome store.
It's not possible to use packed extensions for anything but very limited testing those days.
Chrome explicitly forbids installs from sources other than CWS. So you really need to either use it unpacked (if it's only for yourself) or publish it to CWS as unlisted/trusted testers (if it's for a small group of people).
The feature to pack still exists, since enterprise deployments and apps are not subject to these restrictions. 99% likely that you won't be able to use enterprise deployment though.
I need to find a way to install a Google Chrome plugin onto Chrome automatically. It would be preferable if you gave advice pertaining to .bat and .vbs files as that is where my "specialties" lie.
When I say automatically, I mean you would double-click the script and it would put the plugin onto the browser.
C:\Documents and Settings*UserName*\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions
Is where the extension data is. I'm working with Windows machines, by the way.
EDIT: Sorry, the vibe I was intending to give off was "advice" not "gimme free code".
Where to start..
There are some limitations you will have to deal with, due to security measures taken.
Your extension must be published in the Chrome Web Store.
Your extension will start disabled in Chrome with a prompt to enable it.
If you can live with that, the procedure is outlined here. Don't ask me for sample code, but it should be pretty straightforward.
In short, all you need is to create a registry key based on the extension ID. Chrome will pick that key and add an extension - but will ask the user to confirm.
More and more of our users (I manage a french blogging platform) are complaining about bugs on our interface. In 90% of cases, the problem comes from an extension that is installed on the user's browser. Users often don't even know that they have these extensions.
For example, there is Avast that removes sharing buttons (Twitter, FB), and some extensions like Pricepeep, Slick Saving, Deaply Shopping, VideoFileDownload or Pricora that totally mess up our interface.
The problem is that users believe that it is our fault and then quit without further investigation :-(
Do you have a miraculous solution to block or detect some or all of bad browser extensions? Thanks in advance!
If you think it is worth the trouble, you could implement your own extension (and offer the user to install it to get rid of UI-breaking).
In this extension you should use the chrome.management API to:
Get all installed and enabled extensions (using method getAll()).
Detect the ones you know are "harmful" to your UI (e.g. filter the installed and enabled extentions against a list of known-to-cause-trouble extension IDs or names).
Inform the user about the situation.
Offer to disable or even uninstall the problematic extensions.
(I haven't tested it but supposedly you could disable or uninstall an extension even without the user's intervention, but -even if doable- it is hardly a good practise.)
I dont think you can block the extensions, however you could detect that your buttons are getting hidden and if so show a message explaining the user that they probably have such and such extension installed, with instructions on how to remove them.
Will cover most cases.
I spent a fair amount of time trying to determine why my view of a site didn't match a clients, after looking at the cache etc. we determined the problem to be with one of the add-ons (Adblock Plus in this particular case). It would have been much simpler if we could have had an easy way to query what add-ons were installed, and ideally active. Is there anyway to generate a list programmatically perhaps with JavaScript?
No, you can't do this with user/page JavaScript. I imagine it would be a security risk, if you could.
But there is an add-on you can install that will generate a printable, copyable list of installed extensions/Add-ons.
Check out: "Extension List Dumper".
You cannot get a complete list just by using Javascript, but some Addons allow a check anyway.
accessing the chrome://-protocol was considered a security risk and
therefore has been disabled. Nonetheless you can still accomplish to detect
an extension with the image-load trick. Why? Because extension
developers may mark their extension as web-accessible setting the
property “contentaccessible=yes” inside the chrome.manifest file of
the extension. This is e.g. the case for the two famous plugins
Firebug and Web Developer Toolbar
source: http://webdevwonders.com/detecting-firefox-add-ons/