Can a website block a Chrome Extension? [duplicate]

by

Since the other answer didn’t really answer anything about actually stopping an extension, I thought I would add my own two cents. Using the method in the other answer, you can sometimes detect if a particular extension is installed and react accordingly, but this requires you to test for a particular ID string and file for that particular extension. I am sure that we can all agree that this isn’t a very encompassing solution.

There are many things about extensions that you cannot stop from within your site, such as the chrome.webRequest api that adblock makes use of. There is nothing you can do to interfere directly with that sort of code, but there is plenty you can do on the DOM manipulation side.

Content Scripts operate in an isolated world meaning that they cannot see/interact with the javascript running on the site. They do, however, have complete access to the DOM and can do whatever they want to it. Conversely, your own javascript has the same access to that DOM. Taking advantage of that isolated world we can set up a MutationObserver to watch over the DOM and prevent any unwanted changes. Because of the isolated world, content scripts cannot disable or turn off our observer while our own javascript can do so freely.

Here is an example of a MutationObserver that locks down the DOM with a little jQuery mixed in because I am lazy.

var config= {childList: true,
             attributes: true,
             characterData: true, 
             subtree: true, 
             attributeOldValue: true, 
             characterDataOldValue: true};
var observer = new MutationObserver(function(mutations){
  mutations.forEach(function(mutation){
    switch(mutation.type){
      case "attributes":
        observer.disconnect();
        if(mutation.attributeName == "class")
         mutation.target.className = mutation.oldValue;
        else if(mutation.attributeName=="id"||mutation.attributeName=="title")
         mutation.target[mutation.attributeName] = mutation.oldValue;
        else if(mutation.attributeName == "style")
          mutation.target.style.cssText = mutation.oldValue;
        observer.observe(document,config);
        break;
      case "characterData":
        observer.disconnect();
        mutation.target.data = mutation.oldValue;
        observer.observe(document,config);
        break;
      case "childList":
        observer.disconnect();
        if(mutation.addedNodes.length > 0)
          $(mutation.addedNodes[0]).remove();
        if(mutation.removedNodes.length > 0){
          if(mutation.nextSibling)
            $(mutation.removedNodes[0]).insertBefore(mutation.nextSibling);
          else if(mutation.previousSibling)
            $(mutation.removedNodes[0]).insertAfter(mutation.previousSibling);
          else
            $(mutation.removedNodes[0]).appendTo(mutation.target);
        }
        observer.observe(document,config);
        break;
    }
  });
});

$(function(){
  observer.observe(document,config);
});

Throwing it into a chrome extension with a simple manifest such as:

{
  "name": "DOM Polymerase",
  "version": "1.0",
  "manifest_version": 2,
  "permissions": [
    "tabs","<all_urls>"
  ],
  "content_scripts": [{
    "matches": ["http://example.iana.org/*"],
    "js": ["jquery-1.8.3.min.js","polymerase.js"]
  }]
}

And navigating to http://example.iana.org/ will show that external manipulation of the DOM (except for some attributes, I didn’t code them all in there) is no longer possible. Of course, in this case internal manipulation is also denied, but if the code was in the site instead of an extension, it would be a different story. While this doesn’t disable extensions completely, it should at least preserve your DOM.

More Related Contents:

  1. Console shows error about Content Security policy and lots of failed GET requests
  2. Javascript: Let user select an HTML element like Firebug?
  3. How can I get the current Crome URL?
  4. Use a content script to access the page context variables and functions
  5. Chrome Extension Message passing: response not sent
  6. “Cannot read property of undefined” when using chrome.tabs or other chrome API in content script
  7. How to detect page navigation on YouTube and modify its appearance seamlessly?
  8. Violation Long running JavaScript task took xx ms
  9. Chrome Extension how to send data from content script to popup.html
  10. Injecting JS functions into the page from a Greasemonkey script on Chrome
  11. Chrome extension adding external javascript to current page’s html
  12. How to retrieve the element where a contextmenu has been executed
  13. Chrome extension: How to remove orphaned script after chrom extension update
  14. Loading external javascript in google chrome extension
  15. How to keep Google Chrome Extension popup open?
  16. Chrome extension: Inject JS before page load
  17. Inspecting WebSocket frames in an undetectable way
  18. How to give a Blob uploaded as FormData a file name?
  19. Getting unique ClientID from chrome extension?
  20. Content-Security-Policy error in google chrome extension making
  21. Can’t trigger click with jQuery in a Chrome extension
  22. In a Chrome Extension content script, must I wait for document.ready before processing the document?
  23. Cross-Origin XMLHttpRequest in chrome extensions
  24. How to modify current url location in chrome via extensions
  25. chrome.tabs.executeScript(): How to get result of content script?
  26. How to develop Chrome extension for Gmail?
  27. Chrome content scripts aren’t working: DOMContentLoaded listener does not execute
  28. Chrome extension: Checking if content script has been injected or not
  29. How to to initialize keyboard event with given char/keycode in a Chrome extension?
  30. Link to chrome:// url from a webpage

Leave a Comment