Regex Tab Manager

The purpose of this application is to provide K12 Google Workspace administrators with the ability to prevent the use of browser…

The purpose of this application is to provide K12 Google Workspace administrators with the ability to prevent the use of browser tabs and tools normally used to circumvent web filters and classroom management tools. Administrators can use Regex pattern matching to selectively and forcibly close browser tabs of known circumvention tools, with provisions to not enforce tab closure from trusted sources. Settings are easily controlled in the extension's installation policy. Simply modify the example JSON to your needs. When the student devices perform a policy update, the extension will update its definitions. This extension collects absolutely no data from the student device. To my knowledge, this extension should be compliant with COPPA, FERPA, SOPPA, or any other law protecting against the harvesting of information of minors. As mentioned above, Regex patterns are used to close browser tabs which match the pattern of known circumvention methods, and provide overrides for trusted resources. The example JSON blow contains two array elements. The first, called bannedURLs, contains three regex patterns, which will block the three known circumvention methods listed below. The second array, called hostnameOverrides, allows you to enter a DNS / host name that will are allowed to continue opening the banned URLs. There are four circumvention tools this application was specifically designed to combat, with the ability to add your own customization later. 1) about:blank cloaking – The use opening a new browser tab to an about:blank page, using Javascript from the tab of origin to load an iframe element into the about:blank tab of the about:blank tab, and then loading an new site into the iframe element. The purpose of this from the student's perspective is that they about:blank tab is a protected / system reserved tab. To tools such as Securly's GoGuardian's and Hapara's classroom management tools, these tabs are invisible. From the teacher's perspective, the student may still be in a Google Doc, while really on a custom Google Site for games. 2) Web Assembly (WASM) and other locally locally stored offline sites – In the Chrome admin console, you could try to block all local files on the device, but you'll quickly run into complaints for things like PDF's stored on the Google Drive. Student's know this, and will complain to your administrative staff that they can't do school work, even if there are other, simple means of doing so. Knowing your hand will be forced to remove this filter, they are free to play games such as EagleCraft (WASM compiled minecraft) and other games in HTM(X) files. Locally stored files do not appear in classroom manager previews, and since they do not require internet, they can not be filtered. 3) Base64 encoded URL's – Instead of loading a site into an about:blank tab, or storing it as a file offline, some students will encode them into base64, and store them as a bookmark. The same circumvention to classroom managers applies to these as locally stored files. 4) Block chrome:// URLs that are not pre-approved. This prevents new or undiscovered URLs, such as chrome://serviceworker-internals/, from being exploited to turn off extensions. These and other circumvention methods can be rather easily defeated though. By using the Chrome tabs API, we can monitor for newly opened, and opening tabs, and their point of origin. Using regex patterns, we can selectively force those tabs to close, before they are even able to load. Sites like Canvas / Instructure still use about:blank tabs for legitimate purposes though. So an override can be provided, allowing these blocked methods to be executed for only pre-approved host names. { "bannedURLs": { "Value": [ "^about:blank$", "^data:text", "^file:\\/\\/.*htm.*$", "^chrome:\\/\\/(?!os-settings|file-manager|media-app|settings|policy|accessibility|bookmarks|newtab|shortcut-customization|scanning|accessory-update|version|print|help-app|diagnostics|downloads|extensions|history|camera-app|personalization|net-internals\\/#dns).*" ] }, "hostnameOverrides": { "Value": [ "^chrome-extension:\\/\\/", "^https?:\\/\\/([a-z0-9-]+\\.)?instructure\\.com($|\\/.*)", "^https?:\\/\\/([a-z0-9-]+\\.)?canva\\.com($|\\/.*)", "^https?:\\/\\/([a-z0-9-]+\\.)?clevr\\.com($|\\/.*)", "^https?:\\/\\/([a-z0-9-]+\\.)?microsoft\\.com($|\\/.*)", "^https?:\\/\\/classroom\\.google\\.com($|\\/.*)" ] } }