网站可以判断 Firefox 网络浏览器中安装了哪些插件吗? [英] Can websites tell what addons are installed in a Firefox web browser?

问题描述

在使用网站时，网站能否判断浏览器中安装了哪些插件?如果是这样，是否可以隐藏它，或随机化名称/标识?

When using a website, can a website tell which plugins are installed in a web browser? If so, is it possible to hide that, or randomize the name/identification?

推荐答案

一般附加组件/扩展

一般来说，不会:
网页无法确定安装在 Firefox 浏览器/配置文件中的附加组件的一般列表.

Add-ons/extensions in general

In general, no:
A web page can not determine a general list of add-ons which are installed in the Firefox browser/profile.

但是，您可能能够根据加载项对环境、DOM 以及可能的脚本操作的影响，以很高的概率检测到安装了特定加载项.这些效果是严格按照附加组件进行的.

However, you may be able to detect with a high probability that a specific add-on is installed based on the effects that add-on has on the environment, DOM, and, potentially, the operation of your scripts. What those effects are is strictly on an add-on by add-on basis.

URI 资源泄漏:
作为 the8472 的 answer 指出，某些附加组件可能对环境产生的影响之一是泄漏 Web 可访问的 URI.您可以测试那些您知道由特定附加组件泄露/提供的内容的有效性.一些可能的 URI 包括方案:about:、moz-extension: 和 resource:.与测试以查看 Internet 上存在哪些网页一样，可能的 URI 组合非常庞大，因此进行详尽搜索是不合理的.对于某些特定扩展，您可以测试确切的已知资源.

URI resource leakage:
As the8472's answer states, one of the effects on the environment which some add-ons may have is leaking web-accessible URIs. You can test for the validity of those which you know are leaked/made available by specific add-ons. Some of the possible URIs include the schemes: about:, moz-extension:, and resource:. As with testing to see what webpages exist on the internet, the combinations of possible URIs is vast, making it unreasonable to search exhaustively. For some specific extensions, you can test for exact known resources.

DOM/计算样式更改:
您可以测试对 DOM 或应用的 CSS 的更改.如果您知道特定附加组件对 DOM(插入、删除等)或特定元素的计算样式的影响，您可以明确测试这些影响.您还可以对您不希望看到的更改进行一般性测试.虽然对意外更改进行一般测试可能会告诉您加载项很可能影响了您的页面，但不知道已知加载项所做的具体预期更改并能够将实际更改与预期更改进行比较，您将不会能够说出哪个附加组件执行了此类更改.

DOM/computed style changes:
You can test for changes to the DOM, or applied CSS. If you know the effects which a specific add-on has on the DOM (insertions, removals, etc.) or computed style for specific elements, you can test explicitly for those effects. You can also test generally for changes that are ones which you don't expect to see. While testing generally for unexpected changes may tell you that it is likely that an add-on has affected your page, without knowing specific expected changes made by known add-ons and being able to compare the actual changes with the expected changes, you will not be able to say which add-on performed such changes.

对全局范围的更改:
您还可以测试对您的环境所做的更改.附加组件可能会阻止加载您期望的资源，对这些资源进行更改，或添加/注入额外的资源/属性/变量/函数.您可以测试以查看是否有任何新的、缺失的或更改的属性.与 DOM/CSS 更改一样，如果您知道附加组件对您的环境的影响，则只能说明它可能是一个特定的附加组件.与 DOM 更改一样，您可以与您期望在每个浏览器(和版本)中看到的内容进行一般比较.同样，这可以告诉您某些内容已更改，但如果不将其与已知更改进行比较，您将无法说它是特定的附加组件(或只是 Firefox 的新版本).

Changes to global scope:
You can also test for changes that have been made to your environment. An add-on might prevent resources from loading which you expect, make changes to those resources, or add/inject additional resources/properties/variables/functions. You can test to see if there are any new, missing, or changed properties. As with DOM/CSS changes, you can only state that it was probably a specific add-on if you know the effects that add-on has on your environment. As with DOM changes, you can make a general comparison against what you expect to see in each browser (and version). Again, this can tell you that something was changed, but without comparing it to known changes you will not be able to say it was a specific add-on (or just a new version of Firefox).

检测特定加载项:
您必须确定您的页面可以检测到的任何特定附加组件的效果.这可以通过实验和/或查看附加组件的源代码来确定.对于绝大多数附加组件，附加组件主要是用 JavaScript 编写的.安装包中的源代码(通常是一个.xpi文件，它是一个zip格式的文件，扩展名为.xpi).

Detecting a specific add-on:
You have to determine what effects any particular add-on has which can be detected by your page. This can be determined by experimentation and/or looking at the add-on's source code. For the vast majority of add-ons, the add-on is primarily written in JavaScript. The source code for which is in the install package (usually a .xpi file, which is a zip format file with the extension name changed to .xpi).

不能 100% 保证任何检测都是精确的附加组件:
你只会知道发生了一些变化.您或许能够确定您所看到的更改是您期望由特定加载项进行的更改，但这并不意味着这些更改不是由其他加载项进行的.在这种情况下，更改很可能是您尝试识别的附加组件，但不能 100% 保证.

Not 100% guaranteed any detection is an exact add-on:
You will only ever know that some changes happened. You might be able to identify the changes you see to be what you expect to be made by a particular add-on, but that does not mean the changes were not made by another add-on. In such a case, it can be very likely that the change was the add-on you are attempting to identify, but it is not 100% guaranteed.

您的问题的文本提出了一个与您的问题标题截然不同的问题.插件是一种附加组件 提供用户可以安装的共享库以显示浏览器无法本地显示的内容".这些非常具体地旨在提供可用于网页的功能.您绝对可以检测浏览器中可用的插件.您可以使用 window.navigator.plugins 提供了一个 PluginArray插件对象描述已安装的插件.

The text of your question asks a distinctly different question from the title of your question. Plugins are one type of add-on which provide "shared libraries that users can install to display content that the browser can't display natively." These are, very specifically, intended to provide functionality which is available to webpages. You definately can detect what plugins are available in the browser. You can do so using window.navigator.plugins which provides a PluginArray of Plugin objects describing the plugins which are installed.

这篇关于网站可以判断 Firefox 网络浏览器中安装了哪些插件吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！