alt Hacker NewsWhy is JavaScript running in a page even allowed to know what extensions I have? Is this also what sites use to see I've got an ad blocker?
Just run everything in a safe environment that it can't look out of.
Why is JavaScript running in a page even allowed to know what extensions I have? Is this also what sites use to see I've got an ad blocker?
Just run everything in a safe environment that it can't look out of.
The page isn't allowed to know what extensions you have, instead LinkedIn is looking for various evidence that extensions are installed, like if an extension was to create a specific html element, LinkedIn could look for evidence of that element being there.
Since the extensions are running on the same page as LinkedIn (some of them are explicitly modifying the LinkedIn the website) it's impossible to sandbox them so that linked in can't see evidence of them. And yes this is how a site knows you have an ad blocker is installed.