Preventing Third Party Extensions from Installing in Google Chrome

As part of my effort to dump Google Chrome, I deleted my old Google Chrome profiles so that I could create a new empty one for the sole purpose of working on the few add-ons that I'm already working on. Every time I created a new profile in Chrome, I would get extensions in that profile that I didn't install (a Conduit toolbar and an extension called General Crawler). I looked in the control panel, but no apps referenced these extensions and nothing I uninstalled fixed the problem. After some digging, I found out how this was happening and wanted to share.

Why You Shouldn't Use Google Chrome

Before we start, I have a confession to make. I was a Chrome user. As part of my job, I open and close Firefox a lot and it was simply easier to use a browser other than Firefox for my day to day browsing. After what Google has done recently, though, I have no interest in supporting them by using their browser. Here's why.

New CCK Wizard Available for Testing

Update: I've uploaded an even newer version (1.3.5b4) that adds support for removing default bookmarks.

I have made a new version of the CCK Wizard (1.3.5b3) available for testing. It's available on the Download page at Google code.

I have made a major change to when the CCK is initialized in order to work around a change to how bookmarks are imported in Firefox 14. That Firefox change caused the CCK to not add bookmarks to the toolbar at all. I don't foresee a problem, but please double check that your preferences, bookmarks and registry entities are properly set.

I have also added the single most requested feature to the CCK Wizard - you can make the following modifications to the Firefox UI:

  • Display Bookmarks Toolbar by default
  • Display Add-on Bar by default
  • Display the Menu Bar (on Windows) by default
  • Have tabs on bottom by default

These only apply the first time the browser is started or the CCK is installed, and a user can override them. Also, the bookmarks toolbar will display by default anyway if you have specified items on the bookmarks toolbar (this is how it worked in the past).

PLEASE test this. I'd like to get this one released soon.

MAJOR Change Setting Default Preferences for Firefox 14

IMPORTANT: These locations changed again in Firefox 21. See this post.

If you are running into problems with Firefox 14 not honoring values you set in the default preferences, it's because Firefox preference files have moved from defaults/pref to defaults/preferences and your files have to move as well. (See bug 779437.)

Apparently custom changes to the default preferences were supposed to be there all along, but no one actually knew that (not even Firefox).

So when you are creating JS files for your autoconfig settings or to set the various add-on scopes values, make sure they are in defaults/preferences. (You'll have to create this directory.) Note that this method works fine on Firefox 10 as well. I'll be updating all my posts as I have time.

On a separate note, the CCK is broken on Firefox 14 - it's not creating bookmarks properly. I've tracked the problem down to a Places change, but at this point I am unable to work around it. I've contacted the developer that made the change that broke me, but I haven't heard back. Hopefully he'll be able to point me in the right direction.

I can't stress this enough. PLEASE test on Aurora and Beta if you have the bandwidth to do so. These Firefox 14 issues should not have been found after Firefox 14 was released. And yes, I'll admit that I've been failing in my testing as well, but to be blunt, I'm not paid for any of the time I spend on enterprise, so it's not one of my top priorities.

The Blue Like Jazz Box

A few months ago, you might have seen me on Twitter or Facebook promoting a movie called Blue Like Jazz. If you don't know the story, you should read it. The movie wasn't going to be made, but through an incredible Kickstarter campaign, they raised almost $350,000 and were able to complete and release the movie.

As part of the promotion for the movie, they hid 28 boxes in 28 cities where the movie was opening. I haven't seen many people talk about the box, so I thought I would do a quick post about the box I found.

Customizing Firefox - Blocking Add-ons

Another question that comes up a lot is how to prevent users from installing add-ons. There's a preference, xpinstall.enabled, but it's useless because it does nothing to prevent access to the Add-ons Manager. The reason this is a problem is because you can install add-ons from AMO there from the Get Add-ons tab. In addition, when you try to install an add-on with the pref set to false, Firefox lets you enable it with one click. So we need to make that preference more effective and we need to hide the add-ons manager.

Best Practices for Overriding the New Tab Page With Your Extension

In Firefox 13 (actually, Firefox 12), Firefox introduced the ability to override the new tab page with the preference browser.newtab.url. For extension developers, this is great because it allows us to remove all of the different hacks we were using to add content to the new tab page. Unfortunately it can also create problems as various extensions stomp on each other trying to take over the new tab page.

I've added support for overriding the new tab page to three different extensions, so I've learned a great deal about using this new preference in a way that coexists with other extensions and does the right thing for the user. My goal with this post is to give some best practices for overriding the new tab page in your extension. The code samples in this post assume a basic knowledge of how Firefox extensions work, including preference observers. You probably won't be able to just cut and paste them into your extension.

How My Site Was Hacked

So in case anybody cares, what happened was that I apparently have a theme that got hacked. It appears that a theme called super blogger had a helper.php file in its images directory which allowed files to be posted into that directory.

Using that uploaded file, extra code was added to my functions.php file in my standard theme which opened a backdoor and gave free rein.

Many thanks to Alex McKee who helped me track things down.

I recommend reading this post from Dave Meehan for more detail.

FYI, a couple things that should have clued me in (which I'll look for in the future). First, I started getting an error on my admin console about extra data sent before the headers. I stupidly went into functions.php and fixed it (even working with 8Bit support) without noticing the added code. Second, in the source to my pages, there was a misspelled "Wordpres Counter." That should have clued me in as well.
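
The two file-level signs described in this post (a PHP file inside a theme's images directory, and the misspelled "Wordpres Counter" string) can be checked for across a themes directory. The following is an added example, not code from the original post; the sample tree and its theme directory names are constructed, and it assumes the misspelled string appears literally in a theme file, which the post does not state.

```python
import os
import tempfile

# Indicators taken from the post: a PHP file in a theme's images directory,
# and the misspelled marker seen in the page source. That the marker appears
# literally in a theme file is an assumption of this example.
MARKER = "Wordpres Counter"
IMAGE_DIRS = {"images"}


def scan_themes(themes_root):
    """Return sorted (reason, relative_path) findings under themes_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(themes_root):
        rel_dir = os.path.relpath(dirpath, themes_root)
        parts = {p.lower() for p in rel_dir.split(os.sep)}
        in_image_dir = bool(parts & IMAGE_DIRS)
        for name in files:
            if not name.lower().endswith((".php", ".phtml")):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, themes_root)
            if in_image_dir:
                findings.append(("php-in-image-dir", rel))
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                if MARKER in fh.read():
                    findings.append(("marker-string", rel))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree: one clean theme, two with an indicator each."""
    files = {
        "clean/functions.php": "<?php // theme setup\n",
        "clean/images/logo.png": "placeholder, not a real image",
        "superblogger/images/helper.php": "<?php // placeholder\n",
        "standard/functions.php": "<?php // setup\n// Wordpres Counter\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return scan_themes(root)
```

On a real site, call `scan_themes` on the `wp-content/themes` directory and review every hit by hand; a clean result does not rule out other modifications.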