Adds plugins audit.

[paullewis]

For testing against #101; something of a strawman.

PTAL @igrigorik @samccone

[igrigorik]

Does this mean we don't enforce the check on the page itself?

[paullewis]

I'm open to change here, but the general idea was that if you've got no iframes, or iframes with sandboxes, and no objects on your page, then you're good. Does that fit what you'd want to check?

[paulirish]

Historically, this audit falls into the UX bucket of "Is Mobile Friendly", as it's an indication mobile users will/won't have problems with inaccessible content.

So I'd favor this audit falling into the existing aggregator with that title. (though the path (is-sized-for-mobile-screen/index.js will need an adjustment). Seem reasonable?

[brendankenny]

use the public getter on record.data.url

[paullewis]

Overall I'm having bad feels on this, which is to say it feels like we should have a more accurate "is this page using a plugin?" test. What we have is inference-heavy on CSP and, as I look over the code, I'm not feeling all that great that it does what it says on the tin.

[igrigorik]

@paullewis I think this is the right approach. The key thing about CSP is that it sets a policy which disallows use of plugins.. That is, we're not simply auditing a page snapshot, where the page could inject a plugin at a later point. Yes, it would be nice if CSP has a clean API to query this, but in the meantime, I think this works and is a valuable UX check.

[samccone]

.find() instead of filter since we are only using the [0]

[paulirish]

Closing this for now.

It's a tricky audit to get right (see PSI's for all the corner cases they handle) and it's not a top priority for lighthouse detection right now.

Ilya, if you want to carry the torch on this, we'd definitely review pull requests.