security - Firefox or Chrome plugin to block and filter all outgoing connections -

in firefox or chrome i'd prevent private web page making outgoing connections, i.e. if url starts http://myprivatewebpage/ or https://myprivatewebpage/ in browser tab, browser tab must restricted allowed load images, css, fonts, javascript, xmlhttprequest, java applets, flash animations , other resources http://myprivatewebpage/ or https://myprivatewebpage/, i.e. <img src="http://www.google.com/images/logos/ps_logo.png"> (or corresponding <script>new image(...) must not able load image, because it's not on myprivatewebpage. need 100% , foolproof solution: not single resource outside myprivatewebpage can accessible, not @ low probability. there must no resource loading restrictions on web pages other myprivatewebpage, e.g. http://otherwebpage/ must able load images google.com.

please note assume users of myprivatewebpage willing cooperate keep web page private unless it's work them. example, happy install chrome or firefox extension once, , wouldn't offended if see error message stating access denied myprivatewebpage until install extension in supported browser.

the reason why need restriction keep myprivatewebpage private, without exposing information use webmasters of other web pages. if http://www.google.com/images/logos/ps_logo.png allowed, use of myprivatewebpage logged in access.log of google's ps_logo.png, google's webmasters have information how myprivatewebpage used, , don't want that. (in question i'm not interested in whether restriction reasonable, i'm interested in technical solutions , strengths , weaknesses.)

my ideas how implement restriction:

• don't impose restrictions, rely on same origin policy. (this doesn't provide necessary protection, same origin policy lets images pass through.)

• change web application on server generates html, javascript, java applets, flash animations etc. never attempt load outside myprivatewebpage. (this impossibly hard foolproof everywhere on complicated web application, user-generated content.)

• over-sanitize web page using html output filter on server, i.e. remove <script>, <embed> , <object> tags, restrict target of <img src=, <link rel=, <form action= etc. , restrict links in css files. (this can prevent unwanted resources if can remember html tags properly, e.g. mustn't forget <video>. restrictive: removes dyntamic web page functionality javascript, java applets , flash animations; without these web applications useless.)

• sanitize web page, i.e. add html output filter webserver removes offending urls generated html. (this not foolproof, because there can tricky javascript generates disallowed url. doesn't protect against urls loaded java applets , flash animations.)

• install http proxy blocks requests based on url , http referer, , force browser traffic (including myprivatewebpage, otherwebpage, google.com) through http proxy. (this slow down traffic other myprivatewebpage, , maybe doesn't protect if xmlhttprequest()s, java applets or flash animations can forge http referer.)

• find or write firefox or chrome extension intercepts outgoing connections, , blocks them based on url of tab , target url of connection. i've found https://developer.mozilla.org/en/setting_http_request_headers , thinkahead.js in https://addons.mozilla.org/en-us/firefox/addon/thinkahead/ , http://thinkahead.mozdev.org/ . correct it's possible write firefox extension using that? there such firefox extension already?

some links i've found chrome extension:

• http://www.chromium.org/developers/design-documents/extensions/notifications-of-web-request-and-navigation
• https://groups.google.com/a/chromium.org/group/chromium-extensions/browse_thread/thread/90645ce11e1b3d86?pli=1
• http://code.google.com/chrome/extensions/trunk/experimental.webrequest.html

as far can see, firefox or chrome extension feasible list above. have other suggestions? have pointers how write or find such extension?

i've found https://developer.mozilla.org/en/setting_http_request_headers , thinkahead.js in https://addons.mozilla.org/en-us/firefox/addon/thinkahead/ , http://thinkahead.mozdev.org/ . correct it's possible write firefox extension using that? there such firefox extension already?

i author of latter extension, though have yet update support newer versions of firefox. initial guess that, yes, want:

1. user visits web page without plugin. web page contains thinkahead block send simple version header server, ignored plugin not installed.
2. since server not see header, redirects client page install plugin.
3. user installs plugin.
4. user visits web page plugin. page sends version header server, server allows access.
5. the thinkahead block matches pages not myprivatewebpage, , set http status 403 forbidden. thus:
6. when user visits webpage in myprivatewebpage, there normal behaviour.
7. when user visits webpage outside of myprivatewebpage, access denied.

if want catch bad requests earlier, instead of modifying incoming headers, modify outgoing headers, perhaps screwing "if-match" or "accept" request never honoured.

this solution extremely lightweight, might not strong enough concerns. depends on want protect: given above, client not able see blocked content, external "blocked" hosts might still notice request has been sent, , might able gather information request url.