Verify that the global property / function has been overwritten in JavaScript.

Question

Verify that the global property / function has been overwritten in JavaScript.

JavaScript makes it easy to rewrite the properties and functions of a global object. I would like to find a way to check if the original version of the global property has been replaced.

Think someone put this in their HTML:

<script type="text/javascript">
    window.encodeURIComponent = eval;
</script>
<script type="text/javascript" src="myscript.js"></script>

If myscript.js calls the encodeURIComponent function somewhere, it will now behave unpredictably. So, is there a way to check inside myscript.js if someone has overwritten this function before using it?

+5

javascript overwrite

Goto 0 Apr 22 '12 at 7:33

source share

5 answers

Stan · Answer 1 · 2012-04-22T08:39:16+0000

The only thing I know is a simple approach with parsing a string representation of a function. Usually code

window.encodeURIComponent.toString()

should call something like this:

function encodeURIComponent() { [native code] }

function encodeURIComponent.

eval, , :

function eval() { [native code] }

, window iframe window.[property].toString() iframe.contentWindow.[property].toString(). false, .

Ai_boy · Answer 2 · 2012-04-22T09:29:08+0000

script -

- typeof window.encodeURIComponent.prototype === "undefined"

-

window.encodeURIComponent = function() { eval(); }

typeof window.encodeURIComponent.prototype === "Object"

PS: , , 100% gurante. JavaScript - runtime.. ..

UPDATE .. mine @Stans..

, eval - eval "undefined" ..

window.encodeURIComponent.name === "encodeURIComponent" 
//to make shure that user won't use EVAL 
&& typeof window.encodeURIComponent.prototype === "undefined" 
//to make shure that user won't use self defined function

DCoder · Answer 3 · 2012-04-22T08:34:32+0000

-, :

toString :

Chrome:

"function encodeURIComponent() { [native code] }"

Firefox:

"function encodeURIComponent() {
    [native code]
}"

IE 7/8/9:
"
function encodeURIComponent() {
    [native code]
}
"

, , "[native code]". , , "functionxxx(){[nativecode]}".

, /, :

var pattern = 'function' + propertyName + '(){[nativecode]}';
var func = window[propertyName].toString();
if(func.replace(/\s+/g, '') !== pattern) {
    throw new Error("Property window." + propertyName + " has been modified!");
}

Ai_boy · Answer 4 · 2012-04-22T08:44:23+0000

JavaScript:) HTML, script..

is an OBJECT, so we can save a link to an object and simply compare these links. Just think of a feature like a simple object. How can you compare objects?

<script type="text/javascript">
    var a = window.encodeURIComponent;  // a === window.encodeURIComponent -> true
</script>
<script type="text/javascript">
    window.encodeURIComponent = eval; // a === window.encodeURIComponent -> false
</script>
<script type="text/javascript" src="myscript.js">
    if (a !== window.encodeURIComponent) 
    {
        throw new Error('Someone redefined function');
    }
</script>

Mrskman · Answer 5 · 2015-05-05T13:57:39+0000

How about this?

function isNativeWindowProperty(propertyName) {
    var result = false;
    var iframe = document.createElement('iframe');
    iframe.src = 'javascript:;';
    document.getElementsByTagName('body')[0].appendChild(iframe);
    if (window[propertyName].toString() === iframe.contentWindow[propertyName].toString()) {
        // check window[propertyName].toString override
        if (window[propertyName].toString.toString() === iframe.contentWindow[propertyName].toString.toString()) {
            result = true;
        }
    }
    iframe.parentNode.removeChild(iframe);
    return result;
};

console.log(isNativeWindowProperty('alert'));  // true

window.alert = function() {};
console.log(isNativeWindowProperty('alert'));  // false

window.alert.toString = function() {
    return 'function alert() { [native code] }';
};
console.log(isNativeWindowProperty('alert'));  // false

Verify that the global property / function has been overwritten in JavaScript.

More articles: