检查用户是否安装了第三方 Chrome 扩展程序 [英] Check if user has a third party Chrome extension installed

问题描述

我目前正在尝试检测用户是否安装了某个 Chrome 扩展程序.Chrome 扩展程序不是我自己的，我没有它的源代码.我在许多帖子中尝试过方法，但都失败了.我尝试过的方法以及失败的原因详述如下.

I am currently trying to detect if a user has a certain Chrome extension installed. The Chrome extension is not my own and I do not have the source code to it. I have tried methods in numerous posts but they all fail. What I've tried and why it failed is detailed below.

这会导致执行时无法读取未定义的属性连接":

This results in 'cannot read property connect of undefined' when executed:

var myPort=chrome.extension.connect('idldbjenlmipmpigmfamdlfifkkeaplc', some_object_to_send_on_connect);

尝试按如下方式加载扩展程序的资源以测试它是否存在，但在浏览器中访问此 URL 会导致找不到您的文件"Chrome 错误页面(请注意，我通过转到 C:Users\AppDataLocalGoogleChromeUser DataDefaultExtensionsidldbjenlmipmpigmfamdlfifkkeaplc1.0.0.1_0 在我的 Windows 本地机器上):

Trying to load a resource of the extension as follows to test if it's there but going to this URL in browser results in 'your file was not found' Chrome error page (note that I found this path by going to C:Users\AppDataLocalGoogleChromeUser DataDefaultExtensionsidldbjenlmipmpigmfamdlfifkkeaplc1.0.0.1_0 on my Windows local machine):

chrome-extension://idldbjenlmipmpigmfamdlfifkkeaplc/1.0.0.1_0/icon_16.png

使用 Chrome 管理，但在执行时会导致控制台错误无法读取未定义的属性"

Using Chrome management but this results in console error 'cannot read property get of undefined' when executed

chrome.management.get("idldbjenlmipmpigmfamdlfifkkeaplc", function(a){console.log(a);});

我遇到的大多数其他答案似乎都涉及由试图检查它的同一个人编写的扩展.

And most other answers I've come across seem to involve the extension being written by the same person who is trying to check for it.

推荐答案

假设您从网站上需要它

connect/message 方法暗示扩展 在它期望连接的来源列表中专门列出了您的网站.除非您自己编写此扩展程序，否则这不太可能，因为这不能是通配符域.

Assuming you need it from a website

connect/message method implies that the extension specifically listed your website in the list of origins it expects connection from. This is unlikely unless you wrote this extension yourself, as this cannot be a wildcard domain.

从网络上下文引用扩展程序中的文件将返回 404 模拟网络错误，除非扩展程序 将它们声明为可通过网络访问.这曾经在 2012 年之前有效，但谷歌将其作为指纹识别方法关闭 - 现在扩展必须明确列出可以访问的资源.你特别提到的扩展没有列出任何网络可访问的文件，所以这条路线也被关闭了.

Referring to files within the extension from web context will return 404 simulate a network error unless the extension declared them as web-accessible. This used to work before 2012, but Google closed that as a fingerprinting method - now extensions have to explicitly list resources that can be accessed. The extension you specifically mention doesn't list any files as web-accessible, so this route is closed as well.

chrome.management 是一个扩展 API；网站根本无法使用它.

chrome.management is an extension API; websites cannot use it at all.

最后，如果扩展程序具有以某种方式修改网页 DOM 的内容脚本，您可能会检测到这些更改.但它不是很可靠，因为内容脚本可以改变它们的逻辑.同样，在您的特定情况下，扩展程序会侦听 DOM 事件，但无论如何都不会明确接收到该事件 - 因此该路由已关闭.

Lastly, if an extension has a content script that somehow modifies the DOM of your webpage, you may detect those changes. But it's not very reliable, as content scripts can change their logic. Again, in your specific case the extension listens to a DOM event, but does not anyhow make clear the event is received - so this route is closed.

请注意，一般情况下，您无法确定内容脚本代码与您的代码一起运行，因为它在孤立的上下文中运行.

Note that, in general, you cannot determine that content script code runs alongside yours, as it runs in an isolated context.

总而言之，这个问题没有神奇的解决方案.扩展程序必须协作才能被发现，您不能绕过它.

Origins 白名单的 connect/message 方法 default 到所有扩展；但是，要使其工作，目标扩展程序需要侦听 onConnectExternal 或 onMessageExternal 事件，这并不常见.

Origins whitelisted for connect/message method default to all extensions; however, for this to work the target extension needs to listen to onConnectExternal or onMessageExternal event, which is not common.

Web 可访问的资源对其他扩展的访问也有同样的限制，所以情况也不好.

Web-accessible resources have the same restrictions for access from other extensions, so the situation is not better.

使用您自己的内容脚本观察页面的变化是可能的，但同样可能没有可观察的变化，您不能依赖这些变化总是相同的.

Observing a page for changes with your own content script is possible, but again there may be no observable ones and you cannot rely on those changes being always the same.

与扩展-网页交互类似，来自不同扩展的内容脚本在隔离的上下文中运行，因此无法直接捕捉"正在运行的代码.

Similar to extension-webpage interaction, content scripts from different extensions run in isolated context, so it's not possible to directly "catch"code being run.

chrome.management API 来自扩展程序是检测正在安装的 3rd 方扩展的唯一可靠方法，但请注意 需要 "management" 权限 及其可怕的警告.

这篇关于检查用户是否安装了第三方 Chrome 扩展程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！