I spent a fair amount of time trying to determine why my view of a site didn't match a clients, after looking at the cache etc. we determined the problem to be with one of the add-ons (Adblock Plus in this particular case). It would have been much simpler if we could have had an easy way to query what add-ons were installed, and ideally active. Is there anyway to generate a list programmatically perhaps with JavaScript?
No, you can't do this with user/page JavaScript. I imagine it would be a security risk, if you could.
But there is an add-on you can install that will generate a printable, copyable list of installed extensions/Add-ons.
Check out: "Extension List Dumper".
You cannot get a complete list just by using Javascript, but some Addons allow a check anyway.
accessing the chrome://-protocol was considered a security risk and
therefore has been disabled. Nonetheless you can still accomplish to detect
an extension with the image-load trick. Why? Because extension
developers may mark their extension as web-accessible setting the
property “contentaccessible=yes” inside the chrome.manifest file of
the extension. This is e.g. the case for the two famous plugins
Firebug and Web Developer Toolbar
source: http://webdevwonders.com/detecting-firefox-add-ons/
Related
I spent a fair amount of time trying to determine why my view of a site didn't match a clients, after looking at the cache etc. we determined the problem to be with one of the add-ons (Adblock Plus in this particular case). It would have been much simpler if we could have had an easy way to query what add-ons were installed, and ideally active. Is there anyway to generate a list programmatically perhaps with JavaScript?
No, you can't do this with user/page JavaScript. I imagine it would be a security risk, if you could.
But there is an add-on you can install that will generate a printable, copyable list of installed extensions/Add-ons.
Check out: "Extension List Dumper".
You cannot get a complete list just by using Javascript, but some Addons allow a check anyway.
accessing the chrome://-protocol was considered a security risk and
therefore has been disabled. Nonetheless you can still accomplish to detect
an extension with the image-load trick. Why? Because extension
developers may mark their extension as web-accessible setting the
property “contentaccessible=yes” inside the chrome.manifest file of
the extension. This is e.g. the case for the two famous plugins
Firebug and Web Developer Toolbar
source: http://webdevwonders.com/detecting-firefox-add-ons/
I have an Internal web portal (opened only from Chrome) in which I am temporarily hiding few options using Tamper Monkey. So this script would be setup in few internal system only. Is there a way I disable the option in Tamper Monkey where users cannot go disable these script in the Tamper Monkey dashboard? This is being done from an organization level.
Is there a way I put this script directly in to my Web Server?
Below is how we solved the issue.
We created a new Chrome Extension and it uses an User script. So rather than depending on Tamper Monkey, we built our own.
Also when its published in an organization by an Administrator, we can then control the Chrome Extension if it can be disabled or not. Also we can force install of the Extension, when someone disables it.
No. You cannot do that. No userscript can alter any extension nor browser settings.
Nor can even an extension interfere directly with other extensions.
The browser developers are very diligent about blocking all vectors for such attacks that they discover (within reason).
Your best bet is to alter the web portal app to deal with the issue. It should never, ever, trust what is coming from a "browser" anyway (Always verify your app inputs).
If you have inflicted Google Chrome Enterprise on your users, you can force-install extensions that they can't disable. This still wouldn't stop them from being to disable a Tampermonkey script, but you could write a custom extension that does the same thing.
If you have full control of the target machines, and depending on details you haven't provided, you may be able to place the machines in "Kiosk Mode". Although I'm not sure if this would prevent them from clicking Tampermonkey off...
The second best bet is employee training, coaching, and (last-resort) consequences -- if this is a workplace.
Another possibility, if you have money and time to burn, is to fork the Chromium source code and make your own browser.
It is also possible, but almost certainly not cost effective, to place an executable on the user's machines that restricts certain actions. But you'd be a fool, and/or a government, and/or a crook, to attempt such an approach.
I was trying to pack an little extension i made, but chrome keeps removing it as it may have been "installed without my consent". Is there any way to stop this? Thanks!
Note: This is not a duplicate from this question , as my extension is not yet in the chrome store.
It's not possible to use packed extensions for anything but very limited testing those days.
Chrome explicitly forbids installs from sources other than CWS. So you really need to either use it unpacked (if it's only for yourself) or publish it to CWS as unlisted/trusted testers (if it's for a small group of people).
The feature to pack still exists, since enterprise deployments and apps are not subject to these restrictions. 99% likely that you won't be able to use enterprise deployment though.
More and more of our users (I manage a french blogging platform) are complaining about bugs on our interface. In 90% of cases, the problem comes from an extension that is installed on the user's browser. Users often don't even know that they have these extensions.
For example, there is Avast that removes sharing buttons (Twitter, FB), and some extensions like Pricepeep, Slick Saving, Deaply Shopping, VideoFileDownload or Pricora that totally mess up our interface.
The problem is that users believe that it is our fault and then quit without further investigation :-(
Do you have a miraculous solution to block or detect some or all of bad browser extensions? Thanks in advance!
If you think it is worth the trouble, you could implement your own extension (and offer the user to install it to get rid of UI-breaking).
In this extension you should use the chrome.management API to:
Get all installed and enabled extensions (using method getAll()).
Detect the ones you know are "harmful" to your UI (e.g. filter the installed and enabled extentions against a list of known-to-cause-trouble extension IDs or names).
Inform the user about the situation.
Offer to disable or even uninstall the problematic extensions.
(I haven't tested it but supposedly you could disable or uninstall an extension even without the user's intervention, but -even if doable- it is hardly a good practise.)
I dont think you can block the extensions, however you could detect that your buttons are getting hidden and if so show a message explaining the user that they probably have such and such extension installed, with instructions on how to remove them.
Will cover most cases.
I would like to be able to add custom snippets of javascript to any site that matches a regex. This is mostly because of sites that I use daily because of specialized content, but which have a poor design. I want to be able to do something like:
Visit site See that sidebar overwrites content
Whip out developer tools, find div id for sidebar
Edit a snippet of javascript which is executed on document.ready for this domain:
$('#sidebar-right').remove();
A bit of searching for user scripts tells me that I need to be writing a Chrome extension, which seems unfortunate and overkill. Is there not an easier way, or an extension which is nothing but a javascript editor that assigns snippets to domains? I'd really like to be able to edit in Chrome itself, or at least have a file that I can just leave open in MacVim all the time. An extension requires unloading/installing to update as far as I can tell.
If I just had one big javascript file, that would be fine. I'd just wrap my customizations in domain checks.
Bonus love if I can write in CoffeeScript.
The answer is to use the Tampermonkey chrome extension.
https://chrome.google.com/webstore/detail/dhdgffkkebhmkfjojejmpbldmpobfkfo
Why not dotjs http://defunkt.io/dotjs/ ? It's local, you can version it with git, you can easily take it to another computer...
Another alternative that neatly solves the problem is Custom JavaScript for websites. You just need to install the extension, which takes around 2 seconds, and then you can immediately start typing your custom JavaScript for the specified website.
The extension automatically recognizes the current website, so all you need to do is write your code and click on Save. You can also easily import jQuery or your external scripts for convenience.
Custom JavaScript for Websites 2 is an alternative to Custom JavaScript for Websites, with some bug fixes and sync scripts across devices feature.
Snippets are available directly in Chrome Devtools
https://developers.google.com/web/tools/chrome-devtools/javascript/snippets
Witchcraft is another Google Chrome extension for loading custom Javascript and CSS, and it is supposedly for more avanced users. The older dotjs project repository lists Witchcraft as its successor.
What you're looking for is Greasemonkey. But wait, Greasemonkey is for Firefox only, right? Turns out, you can install Greasemonkey user-scripts as native Chrome add-ons. Just go to userscripts.org and hit the Install button on one of them, and Chrome will automatically convert it into a native add-on. Then, write your own and install it using Chrome.
Note: This only works in Chrome 4.0.