UserScript whitelist for Chromium?

Need a UserScript for Chromium that implements a white list (i.e. the page from other domains must not be loaded) for a dozen or two domains (including ajax, etc.).
Why?
In short: security.
Read more:
There are people not very versed in software and, in particular, safe. They have a primary browser they use.
We need to give them access to multiple Whatcom and sites that have for me (and for them) value. Without message password.
As I thought, the easiest way is to put a separate browser in which to log in to the desired resources. And to prohibit the browser to visit all the other sites, giving out a warning. Thus immediately disappear: phishing, stealing, cook etc. the Limitation extension is needed, that they would not have confused the browser, and confused did not continue to use it.

Why not the expansion?
I found only one extension: "Whitelist for Chrome".
But! Down there hangs a warning:
"When installing Whitelist for Chrome, your browser will warn you that this extension can access your data on all sites, and your browsing history."
In fact, we can only hope for the integrity of the author of the app. And that they will be as conscientious, when you upgrade in the future.


At first glance, nothing particularly complicated — it could be writing a UserScript myself, but to stop the following things:
  • I don't know how to stop/prevent the page from loading/storoniak
  • Here here said: "All the userscripts are run once booted all the main page elements, but did not download pictures. We can say that the userscripts are loaded on DOMContentLoaded event". Unclear how to get around that? Surely there must be some standard mechanism/API.
  • Perhaps this UserScript — is already there.
  • I never wrote extensions.


If you tell me another solution — I would be grateful, but the option with a proxy I did not initially like.
October 3rd 19 at 04:26
3 answers
October 3rd 19 at 04:28
Solution
> "When installing Whitelist for Chrome, your browser will warn you that this extension can access your data on all sites, and your browsing history."
---This is true for userscripts, such is the nature of a scripting language: if you have access to the environment (the window page), you potentially get and change all the data on it.

Extension for blocking, on the contrary, it is more convenient because the script in it (background.js) starts to load the page and can cancel the download at all. Userscript started at the end of the page (without options, or even later). Therefore, to prevent downloading should not be allowed to access pages i.e. to analyze the navigational links and forms. In this system — very easy to have a hole — script can not catch transitions-redirects. It means that security will not provide. The extension (or application/app) — on the contrary, it is possible to build security, except when a malicious page will fall after the opening.
Thanks for the info.
Then, it seems that the extension — a better way. Another would be to be full of confidence... well is never ideal. - Ebony_Gutkowski commented on October 3rd 19 at 04:31
October 3rd 19 at 04:30
It is not clear why does not fit the extension. This warning is in all extensions, in which the manifest is written:
"permissions": ["http://*/*"], etc.
To write such an extension, you need to have such rights.
If there is no trust the author, that it is possible to write an extension for Chrome using webrequests: developer.chrome.com/extensions/webRequest.html
Thanks for the link — look closely.
The trust... the ideal would be to expand open source where you can check everything yourself before installation. But this is a userscript...
I guess that "permissions": ["http://*/*"] or @match * or @include * give a warning. This is understandable, but without source code it is not clear — what else can do this extension. And after the update? I just have little idea how it is possible to control.
I'm not paranoid and if there is a pair of real users (for example, on habré) of this extension with a positive experience — I will use them. - Ebony_Gutkowski commented on October 3rd 19 at 04:33
October 3rd 19 at 04:32
In my opinion, the easiest and iron variant:
1. To register IP sites in hosts
2. Using the Windows firewall to block outgoing connections 53 tcp/udp port (DNS).
3. Close the local admin on any complex password.
1. People need to use a different browser normally.
2. There is not Windows. - Ebony_Gutkowski commented on October 3rd 19 at 04:35
On "not Windows" also have the hosts file and the same iptables.
And what about the "other browsers" — did not understand the idea. That is, it must be a single browser for a specific set of sites, and another for everything else? - Ebony_Gutkowski commented on October 3rd 19 at 04:38
Yes, that's right.
One for a particular set of sites. The second for everything else. - Ebony_Gutkowski commented on October 3rd 19 at 04:41

Find more questions by tags ChromiumExtensions for browsersGoogle ChromeUserscript