英文:
Can we create a browser extension to block all downloads within the browser? as this prevent accidental virus installations on risky websites
问题
有了这个想法,因为当我访问一些网站时,你可以立刻看出它们会有下载病毒/特洛伊木马的链接 - 阻止网站下载任何内容 - 也会阻止病毒被下载。
此外,是否可能创建一个扩展程序 - 该扩展程序会阻止网站在新标签页中打开链接 - 因为这将防止网站在新标签页中打开一个更危险/风险更大的网站。
英文:
Had this idea, cause when I visit some websites, you can immediately tell that they will have links that download viruses / trojans - blocking websites from downloading anything - would also stop viruses from being downloaded.
Also, is it possible to create an extension - where the extension blocks websites from opening up links in new tabs - cause this would prevent a website from opening up an even more dangerous / risky website in a new tab.
答案1
得分: 1
> 我们能创建一个浏览器扩展来阻止浏览器内的所有下载吗?
可能可以,但是...
不过还要保留一个 网络 浏览器。
从网络下载文件,特别是HTML页面,是Web浏览器的主要功能之一。
哦,你所说的“所有”并不包括网页吗?
在公认互联网与万维网之前,互联网上有几种受欢迎的基于文本的服务。谁还记得Usenet?Gopher?当然还有电子邮件。而且现在仍然存在纯文本的Web浏览器。但将图像与文本结合起来几乎从一开始就是Web的杀手功能之一。如果浏览器不能下载图像,一般人很难认出Web或大多数他们喜欢的网站。
现代网页通常使用样式表来控制布局和呈现,这是非常普遍的。尽管这些样式表可以嵌入在网页中,但它们通常是外部的、单独下载的文档。当它们的样式表无法加载时,一些网站的外观可能会令人吃惊(尽管您可能在不认识的情况下偶尔看到了一些示例)。这些外部样式表也是下载。
而且,一个网页通过框架或iframe嵌入另一个网页并不罕见。嵌入的页面也是下载。
哦,你所说的“所有”也不包括网页的所有构成部分吗?
好的。但是现在非常普遍的是网页依赖客户端脚本。这些脚本可以嵌入在网页中,但通常是单独下载的文件。也许您将这些下载视为网页的构成部分,但在这一点上,我们正在讨论如果恶意使用可能会非常危险的东西,所以我们确实需要小心谨慎。
另一方面,这些脚本经常执行的操作之一是通过发送自己的请求并接收(下载)自己的响应与Web服务器进行交互。这是StackOverflow、Google Docs和您的基于Web的电子邮件客户端等服务运行的基本原理。如果阻止这些下载,那么许多网站将无法正常运作(尽管对一些人来说可能是可以接受的)。
哦,你所说的“所有”真的只是指 -- 什么? -- 那些不被浏览器显示、执行或直接使用的文件吗?
当然,这是可以想象的。不过,这仍然会阻止一些非常常见的功能。例如,不再通过浏览器安装软件了。我猜你将依赖供应商通过电子邮件向您发送安装程序。接收电子邮件中的程序不应该有任何问题,对吗?哦。
总的来说,您可以通过选择允许哪些事项来调整您的风险水平,但长期以来,浏览器一直具有用于执行此操作的内置安全控制。它们的最严格级别不如上面考虑的最严格级别严格,但通常它们足够严格,以至于当您将它们调到最大时,您会真正感受到它们的存在。另一方面,内置浏览器安全功能往往具有比上述规则更好的上下文化,因此在相同的限制水平下,它们可能做得更好。
> 另外,是否可以创建一个扩展程序,使其阻止网站在新标签页中打开链接 - 因为这将防止网站在新标签页中打开更危险/风险更大的网站。
是的,但这也是大多数浏览器内置控件所涵盖的范围。
英文:
> Can we create a browser extension to block all downloads within the browser?
Possibly, but ...
Not and still have a web browser left.
Downloading files from the network, especially HTML pages, is part of the primary function of web browsers.
Oh, by "all" you didn't mean web pages?
Well, before it became common to identify the Internet with the World Wide Web, there were several popular text-based services running on the Internet. Who remembers Usenet? Gopher? E-mail, of course. And there are (still) text-only web browsers, too. But combining images with text was among the killer features of the Web almost from the beginning. Few people would recognize the web in general or most of their favorite sites if browsers could not download images.
And it is extremely common for modern web pages to use stylesheets to control layout and presentation. Although these can be embedded in web pages, they are often external, separately downloaded documents. You might be surprised at how awful some sites look when their stylesheets cannot be loaded (though you may have seen an occasional example without recognizing it). Those external stylesheets are downloads, too.
And it's not too uncommon for one web page to embed another via frames or iframes. The embeded pages are downloads.
Oh, by "all" you didn't mean any of those contributing components of web pages, either?
Ok. But it is very common these days for web pages to rely on client-side scripting. These scripts can be embedded in web pages, but frequently they are in separately-downloaded files. Maybe you would include such downloads as contributing components of web pages, but at this point we're talking about stuff that could be genuinely dangerous if malicious, so this is something we do want to be careful about.
On the other hand, one of the things that such scripts often do is interact with web servers by sending their own requests and receiving (downloading) their own responses. This is fundamental to how services such as StackOverflow, Google Docs, and your web-based e-mail client work. If those downloads were prevented, then many web sites would not be functional (though perhaps that would be acceptable to some people).
Oh, by "all" you really just meant -- what? -- files that are not displayed, executed, or directly used by browsers?
Sure, that's conceivable. It would still block some pretty commonly-used capabilities, though. For example, no more installing software via your browser. I guess you'll be relying on vendors e-mailing installer programs to you. Executing programs you receive in e-mail shouldn't be any concern, right? Oh.
Overall, you can dial your risk level up or down by choosing which of these things to allow, but browsers have long had built-in security controls for doing just that. Their strictest levels are less restrictive than the strictest ones contemplated above, but generally, they are strict enough for you to really feel it when you turn them up to 11. On the other hand, built-in browser security features tend to be better contextualized than rules such as the above, so they may do a better job for the same level of restrictiveness.
> Also, is it possible to create an extension - where the extension blocks websites from opening up links in new tabs - cause this would prevent a website from opening up an even more dangerous / risky website in a new tab.
Yes, but this too is within the realm that most browsers have built-in controls for.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论