检查用户是否安装了第三方Chrome扩展程序 [英] Check if user has a third party Chrome extension installed

问题描述

我目前正在尝试检测用户是否安装了某个Chrome扩展程序。 Chrome扩展程序不是我自己的，我没有它的源代码。我已经在众多帖子中尝试了方法，但都失败了。我试过的以及失败的原因详述如下。

这会导致'执行时无法读取未定义的属性连接'：

  var myPort = chrome.extension.connect（'idldbjenlmipmpigmfamdlfifkkeaplc'，some_object_to_send_on_connect）; 
  

尝试按如下方式加载扩展程序的资源，以测试它是否存在，但转到此URL浏览器导致'您的文件未找到'Chrome错误页面（请注意，我通过转到C：\ Users \\AppData\Local\Google\Chrome\User Data\Default\\找到了此路径\\ Extensions \idldbjenlmipmpigmfamdlfifkkeaplc\1.0.0.1_0\在我的Windows本地机器上）：

  chrome-extension：// idldbjenlmipmpigmfamdlfifkkeaplc / 1.0.0.1_0 / icon_16.png 
  

使用Chrome管理系统，但这会导致控制台错误'can not读取属性获取undefined'执行时

$ $ p $ chrome.management.get（idldbjenlmipmpigmfamdlfifkkeaplc，function（a）{console.log （一个）;}）;


我遇到的大多数其他答案似乎涉及由同一个人编写的扩展正在尝试检查它。

解决方案

假设您需要从网站

connect / message 方法意味着扩展在您希望与其建立连接的来源列表中明确列出您的网站。这是不太可能的，除非你自己写这个扩展名，因为这不能是通配符域。

在web上下文中引用扩展中的文件时，返回404 < del>模拟网络错误，除非扩展程序将它们声明为可通过网络访问。这项工作在2012年之前就已开始，但Google已将其作为一种指纹识别方法 - 现在扩展必须明确列出可以访问的资源。 您特别提到的扩展名不会将任何文件列为可通过网络访问的文件，因此此路由也会被关闭。

chrome.management 是一个扩展API;网站根本无法使用它。

最后，如果某个扩展程序有一个内容脚本以某种方式修改了网页的DOM，则可能会检测到这些更改。但它不是很可靠，因为内容脚本可以改变他们的逻辑。同样，在你的特定情况下，扩展监听一个DOM事件，但不会明确说明事件已收到 - 所以这条路由被关闭。

请注意，一般来说，您无法确定内容脚本代码是否与您的一起运行，因为它在单独的环境中运行。

总而言之，这个问题没有神奇的解决方案。

假设您需要从另一个分机

起源将所有扩展程序的白名单列入连接 / 消息方法默认值 ;然而，要实现这个功能，目标扩展需要监听 onConnectExternal 或 onMessageExternal 事件，这并不常见。 / p>

可通过网络访问的资源对其他扩展程序的访问权限具有相同的限制，因此情况并不是这样。

使用自己的内容脚本观察页面的变化是可能的，但是也可能没有可观察到的变化，并且你不能依赖那些变化总是相同的。

类似于扩展 - 网页交互，来自不同扩展的内容脚本运行在独立的上下文中，所以无法直接捕捉正在运行的代码。

chrome.management API 是唯一的保证检测正在安装的第三方扩展的方法，但请注意它需要management权限及其可怕的警告。

I am currently trying to detect if a user has a certain Chrome extension installed. The Chrome extension is not my own and I do not have the source code to it. I have tried methods in numerous posts but they all fail. What I've tried and why it failed is detailed below.

This results in 'cannot read property connect of undefined' when executed:

var myPort=chrome.extension.connect('idldbjenlmipmpigmfamdlfifkkeaplc', some_object_to_send_on_connect);

Trying to load a resource of the extension as follows to test if it's there but going to this URL in browser results in 'your file was not found' Chrome error page (note that I found this path by going to C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\idldbjenlmipmpigmfamdlfifkkeaplc\1.0.0.1_0\ on my Windows local machine):

chrome-extension://idldbjenlmipmpigmfamdlfifkkeaplc/1.0.0.1_0/icon_16.png

Using Chrome management but this results in console error 'cannot read property get of undefined' when executed

chrome.management.get("idldbjenlmipmpigmfamdlfifkkeaplc", function(a){console.log(a);});

And most other answers I've come across seem to involve the extension being written by the same person who is trying to check for it.

解决方案

Assuming you need it from a website

connect/message method implies that the extension specifically listed your website in the list of origins it expects connection from. This is unlikely unless you wrote this extension yourself, as this cannot be a wildcard domain.

Referring to files within the extension from web context will return 404 simulate a network error unless the extension declared them as web-accessible. This used to work before 2012, but Google closed that as a fingerprinting method - now extensions have to explicitly list resources that can be accessed. The extension you specifically mention doesn't list any files as web-accessible, so this route is closed as well.

chrome.management is an extension API; websites cannot use it at all.

Lastly, if an extension has a content script that somehow modifies the DOM of your webpage, you may detect those changes. But it's not very reliable, as content scripts can change their logic. Again, in your specific case the extension listens to a DOM event, but does not anyhow make clear the event is received - so this route is closed.

Note that, in general, you cannot determine that content script code runs alongside yours, as it runs in an isolated context.

All in all, there is no magic solution to that problem. The extension has to cooperate to be discoverable, and you cannot bypass that.

Assuming you need it from another extension

Origins whitelisted for connect/message method default to all extensions; however, for this to work the target extension needs to listen to onConnectExternal or onMessageExternal event, which is not common.

Web-accessible resources have the same restrictions for access from other extensions, so the situation is not better.

Observing a page for changes with your own content script is possible, but again there may be no observable ones and you cannot rely on those changes being always the same.

Similar to extension-webpage interaction, content scripts from different extensions run in isolated context, so it's not possible to directly "catch"code being run.

chrome.management API from an extension is the only surefire way to detect a 3rd party extension being installed, but note that it requires "management" permission with its scary warnings.

这篇关于检查用户是否安装了第三方Chrome扩展程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！