"Custom scripts can only be added from the Chrome Web Store"? No, not only
Changing the user scripts installation policy in Google Chrome.
In the Chrome browser version 21, an innovation has appeared that has been known since its beta version: when you try to install userscript, the browser produces a provocative, but essentially incorrect message (in the bar on the page above):
In fact, as they further explain, this statement is incorrect and represents, in fact, a cheap provocative trick that pushes authors to publish extensions in their “store”. The benefit is small, but direct, because the registration of the author is paid ( once $ 5 ), and some of the authors will go to it, because not every user will click the "More ..." link and will think that installing the extensions was possible only from the shop". Even a search in Yandex shows such a typical way of thinking of users:
')
Definitely, this is something new in the world of desktop browsers, previously encountered only in Appstore and similar closed environments. Well, read on, is it possible to continue using extensions and scripts in this browser without making money in a store that is not related to you?
By clicking on " Read more ... " we see the page:
The conclusions are as follows.
Yes, since changing the format of Chrome’s own extensions, which began 1–1.5 months ago, they have been systematically working to block the sources of browser hacking using malicious user scripts and extensions. True, 1.5 years ago they “casually” introduced a (one-time) fee for developers to publish extensions, even free ones. Therefore, if a developer makes an extension for himself or for a narrow circle of acquaintances or for a small community around the site (which happens most often), he can no longer publish the extension in the “store” without entering into a monetary relationship with the browser creator - once, but you will have to make a payment, which is approximately equal to registration using a mobile one - the company will learn additional information about the account holder.
In general, for protection against hackers, for searching for violators, this is even good (MS offered a similar scheme of paid letters for protection against spammers), although, probably, there will easily be ways to create a fake account. On the third hand, they claim that each application is being tested, so the money received is obviously spent on supporting the verification service, and this will be a considerable expense if it is really needed.
For comparison, Safari creates the status of a developer (Start developing Safari extensions today) with a license for a year, but free of charge (for extensions). (There is Safari 5.1.7 for Windows dated May 2012, pushed here support.apple.com/kb/DL1531 (us), ru .)
Firefox has never attempted to monetize developer involvement; He has a section of the site with addons, it can register any user or developer that does not constitute stress or problems. Users can make lists (selections) of their add-ons, follow the lists of others and write reviews, and developers can also publish extensions (add-ons, themes, wallpapers).
Opera also has a policy of moderating developers, but for free. The developer must register: my.opera.com/community/terms-of-service (English, google-trans-Rus. ), But in the conditions there is no word for payment. Google, of course, crossed the boundaries of the need for free popularization and can already allow to tighten the nuts, while the Opera is not very large amount of moderation.
In addition, Opera has built-in support for userscripts and user styles in 2 ways - for all sites and by site. The installation method is the most complicated of all other browsers , but mastered by users.
IE ... Well, they do nothing at all in terms of supporting extensions, others do for them (including browsers). There is only a primitive possibility of installing multisite (for all sites at once) user styles, by analogy with the similar Safari function, but existing from the version of IE7.
However, Chrome provides, judging by the text of the rules, and 2 workarounds (and again, not all) of installing extensions and user scripts: by writing a special tag with the extension developer code directly on the webpage (funny - if you have access to the page and code, then why userscripts) or through installation from a local file, as described in 5 points of the instruction. The second lengthens the installation process, which is correct from the point of view of dispelling a zombie user who is not aware of his actions in the browser window and considers them safe. However, it is possible to prozombirovat 5 points, but it is already more difficult to convince to do an atypical chain of actions in the system compared with the work in the browser window.
This means that there is some progress in security, the developer’s rights are not infringed, he and his browser have not left the free zone. You just need not to place the scripts in the “Store” or once to pay Google $ 5 for such a right.
Now you have to describe the long instructions for installing the extension in the Chrome browser not from its “store”. She almost beats the records of the complexity of the Opera, the link to the instructions for which is given above .
There is a third way to contrive ( prompted from Chromium ): when launching the browser, specify the parameter - enable-easy-off-store-extension-install - installation of the extensions will remain as simple as before. In Windows, it will be convenient to put a parameter in a shortcut, writing in its properties (for example):
+ The 4th method specified by SpiritOfVox in the comments habrahabr.ru/post/150693/#comment_5104872 - write trusted sites to the registry in Windows.
(Similar instruction in English for the English version of the browser.)
We are on the page describing the script, which is usually installed yuzerskript.
1. Click on the “Install” button. We see the download process in the file bar at the bottom of the page.
2. Get the extension downloaded to the computer as a file (download bar at the bottom) and “hit” at the top (la la la- "... only from the online store").
3. We do not believe provocations and act according to the plan " Tse ": open the browser extensions page.
(Or on the tab with the address chrome: // chrome / extensions / .)
4. If the extension is already installed as a previous version, delete the old version (required, otherwise the old one will remain until the browser is restarted).
5. Open the folder containing the downloaded user script file from the lower bar.
UPD 7.09.2012: @kraleksandr suggested that 5-6 can be merged by dragging the file icon directly from the download panel to the list of extensions - well, there is no unnecessary action with the file manager window.
(Here it is, highlighted at the time of viewing.)
6. Drag the user script file to the list of extensions , so that “To install the extension, drag it” appears.
(The appearance of the inscription is important , because if we drag and drop NOT onto the list of extensions, and next to it, there will also appear a sacramental yellow inscription above - supposedly, Chrome does not allow installing extensions not from the store.)
Please note that the previously allowed dropping of userscript to any other open page will also lead to the sacramental phrase from paragraph 2. You can install the script only by opening the extensions page. If such a dialogue is detected - this is the wrong course of the installation, followed by “point 2”.
Do not do this:
7. Release the file, we get the standard security warning.
8. After agreeing to the installation, we get a seamlessly installed user script, which can be used without rebooting the browser, only by reloading the page of the site for which it is intended.
Initially, Chrome immediately became the leader in the ease of installing extensions. Throw on any page, a couple of clicks confirmations - done. Or click on the link and a couple of confirmations. Now we have a complex multistep process, unless the link is in the “store”. Firefox, historically the first browser that introduced userscripts in their current form, once again became the leader of simplicity.
The process of throwing a script in a file in the extension window is a typical way of debugging userscripts, which is familiar to the developer. But it will be new and complex (or at least unusual) for the user, so users will likely more likely want a simple link in the “store” than even a script from well-known and recognized userscripts.org. On the other hand, it will give time to think about whether to trust a script that is not in the store - after all, store scripts promise to control, moderate, that the creators of the browser could not provide on any other site.
Some users will use the launch of Chrome with the option --enable-easy-off-store-extension-install - it will allow you to forget about politics and do business. Most likely, it will be convenient for those who install extensions too often to perform a simple but multi-pass installation procedure every time through a saved file.
References:
* List of Chromium Command Line Switches , 2012-09-02
* habrahabr.ru/post/111666 - Creating and publishing an extension [Opera], January 2011
* Writing extensions for Opera and Chrome: a look at the process , November 28, 2011
* Installation of userscripts in Opera in general cases and for secure pages (https) , March 25, 2012
* support.apple.com/kb/DL1531 - Safari 5.1.7 for Windows, May 09, 2012
* developer.apple.com/programs/safari - Apple Developer Programs for Safari Extensions
* instructions for installing userscript in English for the English version of the browser
PS Tell me how the messages are written in the English version of Chrome, to make them in the instructions.
In the Chrome browser version 21, an innovation has appeared that has been known since its beta version: when you try to install userscript, the browser produces a provocative, but essentially incorrect message (in the bar on the page above):
Extensions, apps, and custom scripts can only be added from the Chrome Web Store. Read more ...Even on August 20, everything was fine, but with the installation of the new version, the politician began to act.
In fact, as they further explain, this statement is incorrect and represents, in fact, a cheap provocative trick that pushes authors to publish extensions in their “store”. The benefit is small, but direct, because the registration of the author is paid ( once $ 5 ), and some of the authors will go to it, because not every user will click the "More ..." link and will think that installing the extensions was possible only from the shop". Even a search in Yandex shows such a typical way of thinking of users:
quote from search
And even some of the authors on a world scale are quite a lot, the bill will go, I think, to tens of thousands; You can expect jubilant reports of marketers in the company's official correspondence already in the first month of innovations.When installing, he writes: “Extensions, applications and user scripts can only be added from the Chrome Web Store.” ... forgive me, I can say something stupid, the new chrome version 21.0.1180.60 m doesn’t want to install your extension into anything, writes that extensions can only be installed from the Chrome APP store, give a link to your Chrome extension in the store, or the exact name to search for it there.
')
Definitely, this is something new in the world of desktop browsers, previously encountered only in Appstore and similar closed environments. Well, read on, is it possible to continue using extensions and scripts in this browser without making money in a store that is not related to you?
By clicking on " Read more ... " we see the page:
Text screenshot
Repetition in case of no pictures
Add extensions from other websites
We strive to make work on the Internet more secure. To do this, we recently changed the rules for adding extensions to your browser that are not in the Chrome Web Store. Previously, any website could suggest you add your extension to your browser. In the latest version of Google Chrome, the user must explicitly indicate that he wants to install such a component by adding it on the "Extensions" page.
Reasons for change
So that you can work safely on the Internet, a group of analysts and technicians are checking all the extensions in our store. This allows you to find malicious programs and prevent them from entering the store. Unfortunately, we cannot guarantee the reliability of extensions on other websites. For example, hackers can create sites that automatically launch the installation of malware. Such extensions can secretly keep track of all the data you enter on the Internet. This allows attackers to use the information for their own purposes.
Thanks to changes in the installation procedure for extensions, websites cannot automatically start this process, and you can better control the extensions you add to Chrome.
To developers: If you are distributing an extension using your website, we recommend that you add it to the Chrome Web Store. Additional instructions on how to add products to the Chrome Web Store and how to use the built-in tools that allow you to install an extension directly from your site can be found on the Google website for developers.
Administrators of corporate systems: you can specify the URLs from which you can install extensions, applications and themes directly in the ExtensionInstallSources rules.
Instructions for adding extensions from other websites
It is recommended to add extensions only from those sites that you trust. To do this in Chrome, follow the steps below.
1. Download the extension file from the website and save it to your computer.
2. Click the wrench icon in the toolbar.
3. Select Tools> Extensions.
4. Locate the saved file and drag it to the Extensions page.
5. In the dialog box that opens, check the list of permissions. To continue, click Install.
We strive to make work on the Internet more secure. To do this, we recently changed the rules for adding extensions to your browser that are not in the Chrome Web Store. Previously, any website could suggest you add your extension to your browser. In the latest version of Google Chrome, the user must explicitly indicate that he wants to install such a component by adding it on the "Extensions" page.
Reasons for change
So that you can work safely on the Internet, a group of analysts and technicians are checking all the extensions in our store. This allows you to find malicious programs and prevent them from entering the store. Unfortunately, we cannot guarantee the reliability of extensions on other websites. For example, hackers can create sites that automatically launch the installation of malware. Such extensions can secretly keep track of all the data you enter on the Internet. This allows attackers to use the information for their own purposes.
Thanks to changes in the installation procedure for extensions, websites cannot automatically start this process, and you can better control the extensions you add to Chrome.
To developers: If you are distributing an extension using your website, we recommend that you add it to the Chrome Web Store. Additional instructions on how to add products to the Chrome Web Store and how to use the built-in tools that allow you to install an extension directly from your site can be found on the Google website for developers.
Administrators of corporate systems: you can specify the URLs from which you can install extensions, applications and themes directly in the ExtensionInstallSources rules.
Instructions for adding extensions from other websites
It is recommended to add extensions only from those sites that you trust. To do this in Chrome, follow the steps below.
1. Download the extension file from the website and save it to your computer.
2. Click the wrench icon in the toolbar.
3. Select Tools> Extensions.
4. Locate the saved file and drag it to the Extensions page.
5. In the dialog box that opens, check the list of permissions. To continue, click Install.
Disclaimer for `divorce on the miser`
Especially for those who like to shout out “Do you think it's a pity for $ 5 to support the browser?”, Remember that, for example, Microsoft is never “underway” to pay compensation, so as not to create precedents, we never give a gypsy a “penny” and “do not »To the promotion of a gypsy provokers chorus behind their backs. We remember the saying "Give him a finger - he will bite off his hand" and see the fundamental difference between the scheme of supporting developers in 3 other browsers and innovation in Chrome.
The conclusions are as follows.
Yes, since changing the format of Chrome’s own extensions, which began 1–1.5 months ago, they have been systematically working to block the sources of browser hacking using malicious user scripts and extensions. True, 1.5 years ago they “casually” introduced a (one-time) fee for developers to publish extensions, even free ones. Therefore, if a developer makes an extension for himself or for a narrow circle of acquaintances or for a small community around the site (which happens most often), he can no longer publish the extension in the “store” without entering into a monetary relationship with the browser creator - once, but you will have to make a payment, which is approximately equal to registration using a mobile one - the company will learn additional information about the account holder.
In general, for protection against hackers, for searching for violators, this is even good (MS offered a similar scheme of paid letters for protection against spammers), although, probably, there will easily be ways to create a fake account. On the third hand, they claim that each application is being tested, so the money received is obviously spent on supporting the verification service, and this will be a considerable expense if it is really needed.
Getting developer status for other browsers
For comparison, Safari creates the status of a developer (Start developing Safari extensions today) with a license for a year, but free of charge (for extensions). (There is Safari 5.1.7 for Windows dated May 2012, pushed here support.apple.com/kb/DL1531 (us), ru .)
Firefox has never attempted to monetize developer involvement; He has a section of the site with addons, it can register any user or developer that does not constitute stress or problems. Users can make lists (selections) of their add-ons, follow the lists of others and write reviews, and developers can also publish extensions (add-ons, themes, wallpapers).
Opera also has a policy of moderating developers, but for free. The developer must register: my.opera.com/community/terms-of-service (English, google-trans-Rus. ), But in the conditions there is no word for payment. Google, of course, crossed the boundaries of the need for free popularization and can already allow to tighten the nuts, while the Opera is not very large amount of moderation.
In addition, Opera has built-in support for userscripts and user styles in 2 ways - for all sites and by site. The installation method is the most complicated of all other browsers , but mastered by users.
IE ... Well, they do nothing at all in terms of supporting extensions, others do for them (including browsers). There is only a primitive possibility of installing multisite (for all sites at once) user styles, by analogy with the similar Safari function, but existing from the version of IE7.
Remaining features for chrome
However, Chrome provides, judging by the text of the rules, and 2 workarounds (and again, not all) of installing extensions and user scripts: by writing a special tag with the extension developer code directly on the webpage (funny - if you have access to the page and code, then why userscripts) or through installation from a local file, as described in 5 points of the instruction. The second lengthens the installation process, which is correct from the point of view of dispelling a zombie user who is not aware of his actions in the browser window and considers them safe. However, it is possible to prozombirovat 5 points, but it is already more difficult to convince to do an atypical chain of actions in the system compared with the work in the browser window.
This means that there is some progress in security, the developer’s rights are not infringed, he and his browser have not left the free zone. You just need not to place the scripts in the “Store” or once to pay Google $ 5 for such a right.
Now you have to describe the long instructions for installing the extension in the Chrome browser not from its “store”. She almost beats the records of the complexity of the Opera, the link to the instructions for which is given above .
There is a third way to contrive ( prompted from Chromium ): when launching the browser, specify the parameter - enable-easy-off-store-extension-install - installation of the extensions will remain as simple as before. In Windows, it will be convenient to put a parameter in a shortcut, writing in its properties (for example):
:\Program Files\Google\Chrome\Application\chrome.exe --enable-easy-off-store-extension-install + The 4th method specified by SpiritOfVox in the comments habrahabr.ru/post/150693/#comment_5104872 - write trusted sites to the registry in Windows.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallSources] "1"="http://userscripts.org/*" User installation instructions from userscripts.org
(Similar instruction in English for the English version of the browser.)
We are on the page describing the script, which is usually installed yuzerskript.
1. Click on the “Install” button. We see the download process in the file bar at the bottom of the page.
2. Get the extension downloaded to the computer as a file (download bar at the bottom) and “hit” at the top (la la la- "... only from the online store").
3. We do not believe provocations and act according to the plan " Tse ": open the browser extensions page.
(Or on the tab with the address chrome: // chrome / extensions / .)
4. If the extension is already installed as a previous version, delete the old version (required, otherwise the old one will remain until the browser is restarted).
5. Open the folder containing the downloaded user script file from the lower bar.
UPD 7.09.2012: @kraleksandr suggested that 5-6 can be merged by dragging the file icon directly from the download panel to the list of extensions - well, there is no unnecessary action with the file manager window.
(Here it is, highlighted at the time of viewing.)
6. Drag the user script file to the list of extensions , so that “To install the extension, drag it” appears.
(The appearance of the inscription is important , because if we drag and drop NOT onto the list of extensions, and next to it, there will also appear a sacramental yellow inscription above - supposedly, Chrome does not allow installing extensions not from the store.)
Please note that the previously allowed dropping of userscript to any other open page will also lead to the sacramental phrase from paragraph 2. You can install the script only by opening the extensions page. If such a dialogue is detected - this is the wrong course of the installation, followed by “point 2”.
Do not do this:
7. Release the file, we get the standard security warning.
8. After agreeing to the installation, we get a seamlessly installed user script, which can be used without rebooting the browser, only by reloading the page of the site for which it is intended.
Conclusion
Initially, Chrome immediately became the leader in the ease of installing extensions. Throw on any page, a couple of clicks confirmations - done. Or click on the link and a couple of confirmations. Now we have a complex multistep process, unless the link is in the “store”. Firefox, historically the first browser that introduced userscripts in their current form, once again became the leader of simplicity.
The process of throwing a script in a file in the extension window is a typical way of debugging userscripts, which is familiar to the developer. But it will be new and complex (or at least unusual) for the user, so users will likely more likely want a simple link in the “store” than even a script from well-known and recognized userscripts.org. On the other hand, it will give time to think about whether to trust a script that is not in the store - after all, store scripts promise to control, moderate, that the creators of the browser could not provide on any other site.
Some users will use the launch of Chrome with the option --enable-easy-off-store-extension-install - it will allow you to forget about politics and do business. Most likely, it will be convenient for those who install extensions too often to perform a simple but multi-pass installation procedure every time through a saved file.
References:
* List of Chromium Command Line Switches , 2012-09-02
* habrahabr.ru/post/111666 - Creating and publishing an extension [Opera], January 2011
* Writing extensions for Opera and Chrome: a look at the process , November 28, 2011
* Installation of userscripts in Opera in general cases and for secure pages (https) , March 25, 2012
* support.apple.com/kb/DL1531 - Safari 5.1.7 for Windows, May 09, 2012
* developer.apple.com/programs/safari - Apple Developer Programs for Safari Extensions
* instructions for installing userscript in English for the English version of the browser
PS Tell me how the messages are written in the English version of Chrome, to make them in the instructions.
Source: https://habr.com/ru/post/150693/
All Articles