new_audit: avoid plugins (#4218)

GoogleChrome · Jan 10, 2018 · 8436c03 · 8436c03
1 parent b13efad
commit 8436c03
Show file tree

Hide file tree

Showing 7 changed files with 365 additions and 0 deletions.
diff --git a/lighthouse-cli/test/fixtures/seo/seo-failure-cases.html b/lighthouse-cli/test/fixtures/seo/seo-failure-cases.html
@@ -25,5 +25,25 @@ <h2>Anchor text</h2>
   <a href='https://example.com'>click this</a>
   <a href='/test.html'> click this </a>
   <a href='/test.html'>CLICK THIS</a>
+
+  <!-- FAIL(plugins): java applet on page -->
+  <applet code=HelloWorld.class width="200" height="200" id='applet'>
+    Your browser does not support the <code>applet</code> tag.
+  </applet>
+
+  <!-- FAIL(plugins): flash content on page -->
+  <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="590" height="90" id="adobe-embed" align="middle">
+    <param name="movie" value="movie_name.swf"/>
+    <!--[if !IE]>-->
+    <object type="application/x-shockwave-flash" data="movie_name.swf" width="590" height="90">
+      <param name="movie" value="movie_name.swf"/>
+    <!--<![endif]-->
+      <a href="http://www.adobe.com/go/getflash">
+        <img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player"/>
+      </a>
+    <!--[if !IE]>-->
+    </object>
+    <!--<![endif]-->
+  </object>
 </body>
 </html>
diff --git a/lighthouse-cli/test/fixtures/seo/seo-tester.html b/lighthouse-cli/test/fixtures/seo/seo-tester.html
@@ -42,5 +42,7 @@ <h2>Small text</h2>
   <script class='small'>
     // text from SCRIPT tags should be ignored by the font-size audit
   </script>
+  <!-- PASS(plugins): external content does not require java, flash or silverlight -->
+  <object data="test.pdf" type="application/pdf" width="300" height="200"></object>
 </body>
 </html>
diff --git a/lighthouse-cli/test/smokehouse/seo/expectations.js b/lighthouse-cli/test/smokehouse/seo/expectations.js
@@ -57,6 +57,9 @@ module.exports = [
       'hreflang': {
         score: true,
       },
+      'plugins': {
+        score: true,
+      },
     },
   },
   {
@@ -110,6 +113,14 @@ module.exports = [
           },
         },
       },
+      'plugins': {
+        score: false,
+        details: {
+          items: {
+            length: 3,
+          },
+        },
+      },
     },
   },
 ];
diff --git a/lighthouse-core/audits/seo/plugins.js b/lighthouse-core/audits/seo/plugins.js
@@ -0,0 +1,147 @@
+/**
+ * @license Copyright 2018 Google Inc. All Rights Reserved.
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+ */
+'use strict';
+
+const Audit = require('../audit');
+const URL = require('../../lib/url-shim');
+
+const JAVA_APPLET_TYPE = 'application/x-java-applet';
+const JAVA_BEAN_TYPE = 'application/x-java-bean';
+const TYPE_BLOCKLIST = new Set([
+  'application/x-shockwave-flash',
+  // See https://docs.oracle.com/cd/E19683-01/816-0378/using_tags/index.html
+  JAVA_APPLET_TYPE,
+  JAVA_BEAN_TYPE,
+  // See https://msdn.microsoft.com/es-es/library/cc265156(v=vs.95).aspx
+  'application/x-silverlight',
+  'application/x-silverlight-2',
+]);
+const FILE_EXTENSION_BLOCKLIST = new Set([
+  'swf',
+  'flv',
+  'class',
+  'xap',
+]);
+const SOURCE_PARAMS = new Set([
+  'code',
+  'movie',
+  'source',
+  'src',
+]);
+
+/**
+ * Verifies if given MIME type matches any known plugin MIME type
+ * @param {string} type
+ */
+function isPluginType(type) {
+  type = type.trim().toLowerCase();
+
+  return TYPE_BLOCKLIST.has(type) ||
+    type.startsWith(JAVA_APPLET_TYPE) || // e.g. "application/x-java-applet;jpi-version=1.4"
+    type.startsWith(JAVA_BEAN_TYPE);
+}
+
+/**
+ * Verifies if given url points to a file that has a known plugin extension
+ * @param {string} url
+ */
+function isPluginURL(url) {
+  try {
+    // in order to support relative URLs we need to provied a base URL
+    const filePath = new URL(url, 'http://example.com').pathname;
+    const parts = filePath.split('.');
+
+    return parts.length > 1 && FILE_EXTENSION_BLOCKLIST.has(parts.pop().trim().toLowerCase());
+  } catch (e) {
+    return false;
+  }
+}
+
+class Plugins extends Audit {
+  /**
+   * @return {!AuditMeta}
+   */
+  static get meta() {
+    return {
+      name: 'plugins',
+      description: 'Document avoids plugins.',
+      failureDescription: 'Document uses plugins',
+      helpText: 'Some types of media or content are not playable on mobile devices. ' +
+      '[Learn more](https://developers.google.com/speed/docs/insights/AvoidPlugins).',
+      requiredArtifacts: ['EmbeddedContent'],
+    };
+  }
+
+  /**
+   * @param {!Artifacts} artifacts
+   * @return {!AuditResult}
+   */
+  static audit(artifacts) {
+    const plugins = artifacts.EmbeddedContent
+      .filter(item => {
+        if (item.tagName === 'APPLET') {
+          return true;
+        }
+
+        if (
+          (item.tagName === 'EMBED' || item.tagName === 'OBJECT') &&
+          item.type &&
+          isPluginType(item.type)
+        ) {
+          return true;
+        }
+
+        const embedSrc = item.src || item.code;
+        if (item.tagName === 'EMBED' && embedSrc && isPluginURL(embedSrc)) {
+          return true;
+        }
+
+        if (item.tagName === 'OBJECT' && item.data && isPluginURL(item.data)) {
+          return true;
+        }
+
+        const failingParams = item.params.filter(param =>
+          SOURCE_PARAMS.has(param.name.trim().toLowerCase()) && isPluginURL(param.value)
+        );
+
+        return failingParams.length > 0;
+      })
+      .map(plugin => {
+        const tagName = plugin.tagName.toLowerCase();
+        const attributes = ['src', 'data', 'code', 'type']
+          .reduce((result, attr) => {
+            if (plugin[attr] !== null) {
+              result += ` ${attr}="${plugin[attr]}"`;
+            }
+            return result;
+          }, '');
+        const params = plugin.params
+          .filter(param => SOURCE_PARAMS.has(param.name.trim().toLowerCase()))
+          .map(param => `<param ${param.name}="${param.value}" />`)
+          .join('');
+
+        return {
+          source: {
+            type: 'node',
+            snippet: `<${tagName}${attributes}>${params}</${tagName}>`,
+          },
+        };
+      });
+
+    const headings = [
+      {key: 'source', itemType: 'code', text: 'Source'},
+    ];
+
+    const details = Audit.makeTableDetails(headings, plugins);
+
+    return {
+      rawValue: plugins.length === 0,
+      details,
+    };
+  }
+}
+
+module.exports = Plugins;
diff --git a/lighthouse-core/config/default.js b/lighthouse-core/config/default.js
@@ -43,6 +43,7 @@ module.exports = {
       'seo/crawlable-links',
       'seo/meta-robots',
       'seo/hreflang',
+      'seo/embedded-content',
     ],
   },
   {
@@ -174,6 +175,7 @@ module.exports = {
     'seo/link-text',
     'seo/is-crawlable',
     'seo/hreflang',
+    'seo/plugins',
     'seo/manual/mobile-friendly',
     'seo/manual/structured-data',
   ],
@@ -391,6 +393,7 @@ module.exports = {
         {id: 'is-crawlable', weight: 1, group: 'seo-crawl'},
         {id: 'hreflang', weight: 1, group: 'seo-content'},
         {id: 'font-size', weight: 1, group: 'seo-mobile'},
+        {id: 'plugins', weight: 1, group: 'seo-content'},
         {id: 'mobile-friendly', weight: 0, group: 'manual-seo-checks'},
         {id: 'structured-data', weight: 0, group: 'manual-seo-checks'},
       ],

diff --git a/lighthouse-core/gather/gatherers/seo/embedded-content.js b/lighthouse-core/gather/gatherers/seo/embedded-content.js
@@ -0,0 +1,41 @@
+/**
+ * @license Copyright 2018 Google Inc. All Rights Reserved.
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+ */
+'use strict';
+
+const Gatherer = require('../gatherer');
+const DOMHelpers = require('../../../lib/dom-helpers.js');
+
+class EmbeddedContent extends Gatherer {
+  /**
+   * @param {{driver: !Driver}} options Run options
+   * @return {!Promise<Array<{tagName: string, type: ?string, src: ?string, data: ?string, code: ?string, params: Array<{name: string, value: string}>}>>} All <object>s, <embed>s and <applet>s with list of relevant attributes and child properties
+   */
+  afterPass(options) {
+    const expression = `(function() {
+      ${DOMHelpers.getElementsInDocumentFnString}; // define function on page
+      const selector = 'object, embed, applet';
+      const elements = getElementsInDocument(selector);
+      return elements
+        .map(node => ({
+          tagName: node.tagName,
+          type: node.getAttribute('type'),
+          src: node.getAttribute('src'),
+          data: node.getAttribute('data'),
+          code: node.getAttribute('code'),
+          params: Array.from(node.children)
+            .filter(el => el.tagName === 'PARAM')
+            .map(el => ({
+              name: el.getAttribute('name') || '',
+              value: el.getAttribute('value') || '',
+            })),
+        }));
+    })()`;
+
+    return options.driver.evaluateAsync(expression);
+  }
+}
+
+module.exports = EmbeddedContent;