Whitelist UserScript for Chromium?

R

RMV19832013-07-28 16:12:43

Google Chrome

RMV1983, 2013-07-28 16:12:43

We need a UserScript for Chromium that implements a white list ( ie pages from other domains should not be loaded ) for a dozen or two domains (including ajax, etc.).

What for?

Вкратце: безопасность.
Подробнее:
Есть люди, не очень разбирающиеся в ПО и, в частности, в безопасности. У них есть основной браузер которым они пользуются.
Необходимо им дать доступ к нескольким учёткам и сайтам, которые имеют для меня (и для них) ценность. Без сообщения пароля.
Как мне показалось, проще всего — поставить отдельный браузер, в котором авторизироваться на нужных ресурсах. И запретить этому браузеру посещать все остальные сайты, выдавая предупреждение. Таким образом сразу отпадёт: фишинг, воровство кук и др. Ограничение расширением нужно, что бы они не спутали браузер, а спутав не продолжили им пользоваться.

Why not an extension?

Я нашёл только одно расширение: «Whitelist for Chrome».
Но! Там внизу висит предупреждение:
"When installing Whitelist for Chrome, your browser will warn you that this extension can access your data on all sites, and your browsing history."
Фактически, остаётся только надеяться на добросовестность автора приложения. И на то, что они будут так же добросовестны, при обновлении в дальнейшем.

At first glance, nothing particularly complicated - you could write such a UserScript yourself, but the following things stop:

I don't know how to stop/prevent page/third party links from loading
Here it says that: “All userscripts are launched after all the main elements of the page have loaded, but the images have not loaded yet. We can say that userscripts are loaded on the DOMContentLoaded event. Not sure how to get around this? After all for certain there is any standard mechanism/API.
Perhaps such a UserScript already exists .
I never wrote extensions.

If you tell me another solution, I will be grateful, but I don’t like the option with a proxy initially.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

spmbt, 2013-07-29
@RMV1983

> "When installing Whitelist for Chrome, your browser will warn you that this extension can access your data on all sites, and your browsing history."
---This is also true for userscripts - this is the nature of the scripting language: if you have access to the environment (the window of the site page), then you potentially get and change all the data on it.
The blocking extension, on the other hand, is more convenient because the script in it (background.js) runs before the page loads and can cancel the loading altogether. The userscript is launched at the end of the page (no options, well, or even later). Therefore, in order to prevent loading, it is necessary not to allow opening pages, i.e. analyze links of transitions and forms. In this system - it's very easy to have holes - the script won't be able to catch redirects. So it won't provide security. An extension (or application/app) - on the contrary, it can be built with security, except when malicious pages are caught after allowing them to be opened.

A

amidart, 2013-07-29
@amidart

It is not entirely clear why the extension does not fit. Such a warning is for all extensions that have the following in their manifest:
"permissions": ["http://*/*"], etc.
To write such an extension, you need to have such rights.
If there is no trust in the author, then you can write an extension for Chrome yourself using webrequests: developer.chrome.com/extensions/webRequest.html

Y

Yuri Popov, 2013-07-29
@DjPhoeniX

In my opinion, the simplest and iron option:
1. Register the IP of the required sites in hosts
2. Completely block outgoing connections to tcp / udp port (DNS) through the Windows firewall.
3. Close the local admin with some complex password.