decal/main.scpt

## main.scpt
# Misc: --start-maximized --disable-save-password-bubble
# Reduce attack surface: --disable-presentation-api --disable-file-system --disable-contextual-search --disable-account-consistency --disable-translate --disable-background-mode --disable-plugins-discovery --disable-webgl --disable-webgl-image-chromium --disable-speech-api --disable-smart-virtual-keyboard --disable-print-preview --disable-password-generation --disable-overlay-scrollbar --disable-offer-upload-credit-cards --disable-ntp-popular-sites --disable-cloud-import --disable-component-cloud-policy --disable-credit-card-scan --disable-bundled-ppapi-flash --disable-java --disable-plugins --disable-ipv6 --disable-people-search --disable-default-apps
# Incognito, sandboxing & security stuff: --incognito --disable-sync --disable-sync-backup --disable-sync-rollback --disable-sync-app-list --disable-sync-types --enable-sandbox --enable-sandbox-logging --isolate-extensions --isolate-sites-for-testing=* --process-per-tab --process-per-site --safe-plugins
# TLS Security: --ssl-version-min=tls1.2 --cipher-suite-blacklist=0x000a,0x0035,0x002f,0x009d,0x009c
do shell script "open -a /Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new --args --start-maximized --disable-save-password-bubble --disable-presentation-api --disable-file-system --disable-contextual-search --disable-account-consistency --disable-translate --disable-background-mode --disable-plugins-discovery --disable-webgl --disable-webgl-image-chromium --disable-speech-api --disable-smart-virtual-keyboard --disable-print-preview --disable-password-generation --disable-overlay-scrollbar --disable-offer-upload-credit-cards --disable-ntp-popular-sites --disable-cloud-import --disable-component-cloud-policy --disable-credit-card-scan --disable-bundled-ppapi-flash --disable-java --disable-plugins --disable-ipv6 --disable-people-search --disable-default-apps --incognito --disable-sync --disable-sync-backup --disable-sync-rollback --disable-sync-app-list --disable-sync-types --enable-sandbox --enable-sandbox-logging --isolate-extensions --isolate-sites-for-testing=* --process-per-tab --process-per-site --safe-plugins --ssl-version-min=tls1.2 --cipher-suite-blacklist=0x000a,0x0035,0x002f,0x009d,0x009c"
	# Misc: --start-maximized --disable-save-password-bubble
	# Reduce attack surface: --disable-presentation-api --disable-file-system --disable-contextual-search --disable-account-consistency --disable-translate --disable-background-mode --disable-plugins-discovery --disable-webgl --disable-webgl-image-chromium --disable-speech-api --disable-smart-virtual-keyboard --disable-print-preview --disable-password-generation --disable-overlay-scrollbar --disable-offer-upload-credit-cards --disable-ntp-popular-sites --disable-cloud-import --disable-component-cloud-policy --disable-credit-card-scan --disable-bundled-ppapi-flash --disable-java --disable-plugins --disable-ipv6 --disable-people-search --disable-default-apps
	# Incognito, sandboxing & security stuff: --incognito --disable-sync --disable-sync-backup --disable-sync-rollback --disable-sync-app-list --disable-sync-types --enable-sandbox --enable-sandbox-logging --isolate-extensions --isolate-sites-for-testing=* --process-per-tab --process-per-site --safe-plugins
	# TLS Security: --ssl-version-min=tls1.2 --cipher-suite-blacklist=0x000a,0x0035,0x002f,0x009d,0x009c
	do shell script "open -a /Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new --args --start-maximized --disable-save-password-bubble --disable-presentation-api --disable-file-system --disable-contextual-search --disable-account-consistency --disable-translate --disable-background-mode --disable-plugins-discovery --disable-webgl --disable-webgl-image-chromium --disable-speech-api --disable-smart-virtual-keyboard --disable-print-preview --disable-password-generation --disable-overlay-scrollbar --disable-offer-upload-credit-cards --disable-ntp-popular-sites --disable-cloud-import --disable-component-cloud-policy --disable-credit-card-scan --disable-bundled-ppapi-flash --disable-java --disable-plugins --disable-ipv6 --disable-people-search --disable-default-apps --incognito --disable-sync --disable-sync-backup --disable-sync-rollback --disable-sync-app-list --disable-sync-types --enable-sandbox --enable-sandbox-logging --isolate-extensions --isolate-sites-for-testing=* --process-per-tab --process-per-site --safe-plugins --ssl-version-min=tls1.2 --cipher-suite-blacklist=0x000a,0x0035,0x002f,0x009d,0x009c"