Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Zscaler Safe Shopping Available For Opera

June 20, 2011 - 3 min read
Zscaler Safe Shopping is already available for Firefox, Firefox Mobile (aka Fennec) and Google Chrome. Now, you can also download the extension for your Opera 11 browser. A version for Safari will be available soon as well.
Zscaler Safe Shopping extension for Opera

For those not familiar with the extensions, Zscaler Safe Shopping shows a warning when users visit fake or compromised online stores. You can refer to previous posts for further details. You can also find other security extensions and tools from Zscaler on our Research Tools page.
Zscaler Safe Shopping warning for a fake store

You can download the extension on the official Opera Extensions site.

Extension creation

Building an extension for Google Chrome, Opera and Safari is very similar. The Zscaler Safe Shopping source code for these three browsers is about 90% identical. The differences are due primarily to the way that extensions are packaged, in oder to be distributed and in the way that scripts communicate between the browser and the page.

Basically, Zscaler Safe Shopping for these three browsers is separated into two parts:
  • The background process which is used to download the denylist, to do the domain matching and to handle options
  • A script injected on each page/frame to interact with the HTML document: get the page URL, insert a warning, etc.
The page script and the background process can communicate together. The background process has access to the browser as a whole (UI, API, etc.), but not to the tab content. The injected script has access to content on individual tabs. Both scripts can communicate with one another to give the extension full access to the page and browser.

Extension approval

If you want to write your first add-on, Google Chrome is probably the easiest browser to start with. It has good documentation, good tools to test with and package extensions. Google is also the only vendor that does not require any approval to publish extensions to their official store. This is nice for the developers, but users could end up installing unstable, incomplete or dangerous plug-ins. All other vendors require a manual review.
Zscaler Safe Shopping approved on the Opera Extensions site

Opera reviewed our plugin within 24 hours. Firefox took several weeks (the extension is actually not approved yet), but the review process seems much more thorough than the other vendors. This might be due to the fact that their plug-in framework is much more powerful than the other browsers, allowing developers to potentially do a a lot more harm to the security of their entire computer.

The approval for Safari seems to be very opaque. I submitted the plugin more than a week ago and haven't yet received an update. The publishing process is also somewhat strange. For example, they force the developers to host their add-on on their own website. There is no option to upload the extension directly to an Apple owned site.

-- Julien 
form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.