[Greasemonkey] Alternative script injection technique proof of concept
Bill Donnelly
donnelly at snowcrest.net
Sat Jul 23 03:41:18 EDT 2005
I'm not sure if I understand what you're saying.
If someone redefines
document.__proto__.getElementById
AND/or
document.getElementById,
and you
"delete document.getElementById",
then it will still NOT call the correct native value?
And, if this is true, then there MUST be some _minimum level_
of "scope chain" values that you can delete to ALWAYS achieve
the desired result. Right?
I would think that would be, in most cases (for 'base' methods, e.g.),
two levels:
the prototype value and the non-prototype value (or whatever
that level is called)
So, to be VERY sure, what you should do is:
delete window (not necessary, because window is not redefinable, right?)
delete window.document
delete window.document.getElementById
delete window.document.__proto__.getElementById (?)
Or, what am I missing and/or not understanding?
Aaron Boodman wrote:
>>So, any time you REALLY want to make sure that someone hasn't
>>redefined some function/method or property/field, just delete
>>the reference to it and you are ensured that you will get the
>>real, native value.
>
>
>This is only true if the prop was redefined on the object you're
>deleting it from. The problem is that it can be redefined anywhere in
>the scope chain.
>
>gm: document.getElementById("foo")
>content: document.getElementById = function(){}
>gm: delete document.getElementById
>content: document.__proto__.getElementById = function(){}
>gm: delete document.__proto__.getElementById
>content: document.__proto__ = new Object();
>
>ad infinitum...
>
>The only way to be sure is to use XPCNativeWrapper. And even then, it
>only works on XPCOM objects. Greasemonkey 0.4.1 (the next version)
>will provide two XPCNativeWrapper starting points for user scripts:
>one for window, and one for document.
>
>So with GM 0.4.1 + FF DPa2+, when you do document.getElementById, or
>window.location.href, you know you're getting the native values.
--
Jack the Ripper may have been quite insane,
but he had beautiful penmanship.
btw -- Don't look back!
The lemmings are gaining on you.
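The cat-and-mouse sequence Aaron describes, modelled with plain objects as an added example (not code from the thread or from Greasemonkey): `nativeProto` stands in for where the browser resolves the real method, `proto` for the writable prototype a page script can reach, and `reachesNative` is the check a user script would want to make.

```javascript
// Assumed model (not the real DOM): doc -> proto -> nativeProto.
// Only nativeProto carries the genuine getElementById.
function makeDocument() {
  const nativeProto = {
    getElementById(id) { return { id, native: true }; },
  };
  const proto = Object.create(nativeProto); // content-reachable prototype
  const doc = Object.create(proto);
  return { doc, proto };
}

// Does doc.getElementById still resolve to the native implementation?
function reachesNative(doc) {
  if (typeof doc.getElementById !== "function") return false;
  const r = doc.getElementById("foo");
  return Boolean(r && r.native === true);
}

// Replays the quoted exchange; returns [step, reachesNative] per step.
function replayExchange() {
  const { doc, proto } = makeDocument();
  const log = [];
  log.push(["fresh", reachesNative(doc)]);

  doc.getElementById = function () {};            // content: own-property override
  log.push(["own override", reachesNative(doc)]);
  delete doc.getElementById;                      // gm: removes only the own property
  log.push(["delete own", reachesNative(doc)]);

  proto.getElementById = function () {};          // content: override one level up
  log.push(["proto override", reachesNative(doc)]);
  delete proto.getElementById;                    // gm: removes that level's shadow
  log.push(["delete proto", reachesNative(doc)]);

  doc.__proto__ = new Object();                   // content: replace the whole chain
  log.push(["proto swapped", reachesNative(doc)]);
  delete doc.__proto__;                           // gm: nothing own to delete; still broken
  log.push(["delete __proto__", reachesNative(doc)]);
  return log;
}
```

Each `delete` only undoes a shadow at the level it targets; once the prototype itself is swapped, no deletion from the script's side restores the native chain, which is the gap a trusted wrapper such as XPCNativeWrapper closes.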