Access to source globals and attributes in JavaScript

Question

Access to source globals and attributes in JavaScript

I am working on code that is entered on web pages (using a browser add-on or with a script tag).

The problem is that we want to use a global objects and variables such as JSON, window.location, String.split, etc. and their implementation can be changed on the web page. This can cause our code to crash, and this is a security issue.

Example:

>>> String.prototype.split = function() { return 'foo'; };
function()
>>> 'a,b,c'.split(',');  // gives unexpected result
"foo"

So, is there a way to access the default implementation and functions of the browser, as it was before they were changed? It does not have to be standard, I just want the functionality to exist.

+5

javascript security global-variables

Martin Vilcans Jun 12 '12 at 9:16

source share

1 answer

Saul · Accepted Answer · 2012-06-12T09:22:02+0000

Update

, <iframe> .

, String.prototype.split , <iframe>.

<html>
<head>
<script type="text/javascript">
    function onBodyLoad() {

        String.prototype.split = function() { return 'foo'; }; // contaminate original window
        console.log(String.prototype.split); // yeah, it contaminated

        var acr = document.getElementById("accessor");
        acr.onclick = function ()
        {
            var dummyFrame = document.createElement("iframe");
            document.body.appendChild(dummyFrame); 
            console.log(dummyFrame.contentWindow.String.prototype.split); // uncontaminated
        }
    }
</script>
</head>
<body onload="onBodyLoad()">
    <a href="#" id="accessor">Access iframe Window object</a>
</body>
</html>

~~; - .~~

, , , , script. , .

Access to source globals and attributes in JavaScript

Update

More articles: