Eye Dropper
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Picks colors from any website with just two clicks, allowing you to easily identify and capture colors for your projects. Eye Dropper is a great addition to the toolkit of web developers, designers, and creative professionals who need to save and organize their favorite colors in user-friendly palettes. With its intuitive interface and support for various color formats, Eye Dropper streamlines the color selection process without slowing down your browsing experience.
Overview
Pick colors from any website and store them in your palettes.
With just two clicks, Eye Dropper allows you to pick colors from any website without hassle. Whether you're a web developer, designer or creative professional, Eye Dropper is a great addition to your toolkit.
⭐ Key Features:
👉 Web page Picker: Easily select any color from any web page with just two clicks. Eye Dropper provides a quick and intuitive way to identify and capture colors from your favorite websites.
👉 Color Palettes: Save and organize your favorite colors with a user-friendly interface. Create palettes, organize them and ensure consistency across your projects.
👉 Color Picker: Find that color you are looking for. Adjust hues, saturation, and brightness to find the perfect shade for your needs.
👉 Hex, RGB, and More: Eye Dropper supports various color formats, including HEX, RGB, HSL and HSV.
👉 User-friendly and Lightweight: Designed with a focus on simplicity and performance, Eye Dropper works effortlessly without slowing down your browsing experience.
⭐ Why Choose Eye Dropper?
👉 Free software made with ❤️ by single developer.
👉 Eye Dropper is here to stay: In active development since 2010, also first color picking extension for Chrome.
👉 Trusted by more than million users in Chrome Store, with 2,000 positive reviews.
👉 Safe: Doesn't collect your data. Doesn't track you.
Tags
Privacy Practices
Security Analysis — Eye Dropper
Permissions
Code Patterns Detected
External Connections
Package Contents 23 files · 348KB
What This Extension Does
The Eye Dropper extension allows users to pick colors from any website, save them in palettes, and organize their favorite colors. It's a useful tool for web developers, designers, and creative professionals. However, its permissions and code behavior raise some concerns.
Permissions Explained
- activeTabexpected: This permission lets the extension access the current webpage you're viewing.
Technical: The activeTab permission grants access to the tab's content script injection, allowing the extension to inject its own scripts into web pages. This could potentially lead to a medium-risk XSS vector if not properly sanitized. - storageexpected: This permission lets the extension store data locally on your device, such as color palettes and settings.
Technical: The storage permission grants access to local storage, allowing the extension to store and retrieve data. This could potentially lead to a medium-risk data exposure if not properly secured. - scriptingexpected: This permission lets the extension run scripts on your device, which can access and manipulate web pages.
Technical: The scripting permission grants access to content script injection, allowing the extension to inject its own scripts into web pages. This could potentially lead to a medium-risk XSS vector if not properly sanitized.
Your Data
The Eye Dropper extension accesses your current webpage's content, stores data locally on your device, and sends requests to various domains. It does not collect or track user data.
Technical Details
Code Findings
The extension assigns innerHTML directly from user input, which could lead to a potential XSS vector if not properly sanitized.
Technical: The code uses the charCodeAt() method to obfuscate the assignment of innerHTML. This is a common pattern in legitimate extensions, but it's essential to ensure proper sanitization to prevent XSS attacks.
💡 This pattern is commonly used in legitimate extensions for content manipulation and injection.
The extension writes the selected color to your system's clipboard, which can be useful for users who want to quickly copy colors.
Technical: The code uses the navigator.clipboard.writeText() method to write the selected color to the clipboard. This is a legitimate use of the permission and does not pose any security risks.
💡 This is a common pattern in legitimate extensions for providing users with quick access to copied data.
The Eye Dropper extension has some concerning code behavior, including potential XSS vectors and data exposure. However, its permissions are generally aligned with its stated purpose, and it does not collect or track user data. Users should exercise caution when installing extensions that access sensitive permissions and monitor their system for any suspicious activity.
