Steven Englehardt

I'm not sure. I'll need to write a test page for both of these conditions.

This is very well done, and I apologize for taking so long to get to this review. Thanks so much for the contribution! I've just tested this on the Google...

> > Would you mind to rename the `spoof_navigator` config option to `hide_webdriver`. I think that's more descriptive and agnostic to the underlying changes necessary to hide the fact that...

> The [MDN page about content scripts](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_scripts) mentions: > > > Note that in Firefox, content scripts won't be injected into empty iframes at `document_start` even if you specify that...

I think your approach may cause some breakage. Take a look at: `https://www.reddit.com/r/videos/` with and without the spoofing enabled. When it's enabled you'll see the error message: `TypeError: 'javaEnabled' called...

> So, there is a further detection method. Using > > ``` > window.open('').navigator.webdriver > ``` > > the original `webdriver` value is revealed because it accesses the new page's...

Thanks for poking me on this! > @englehardt Any news on this? Momentarily, I have not much time. But if you want to merge the current status I am fine...

> > Do you know why the extension doesn't inject a content script into the newly created window? Is it simply that the script is able to access the webdriver...