Third Party Client-Side Code Injection
// Page-internal helpers that the injected third-party code must not reach.
// NOTE(review): if this runs at script top level, `var` also makes the object
// a property of the global object. The wrapper further down hides it only by
// shadowing the identifier `privateApi`, which is name hiding, not access
// control.
var privateApi = {};

// Logs a fixed message; exists to show a function the injected code cannot name.
privateApi.privateFunction = function privateFunction() {
  console.log('this method cannot be invoked by the injected code.');
};
// Public surface handed to the third-party code: the only object it is meant
// to interact with.
// NOTE(review): the object is neither frozen nor copied before it is handed
// over, so whoever receives it can replace or extend its members. Confirm
// that is acceptable for the code you inject.
var api = {
  // Prints the 'Sandbox says' banner, then each argument on its own console line.
  log: function() {
    var index;
    console.log('Sandbox says');
    for (index = 0; index < arguments.length; index += 1) {
      console.log(arguments[index]);
    }
  }
};
// Name-hiding wrapper. Every parameter below is the name of a browser global
// (apparently a snapshot of one browser's `window` properties). The wrapper is
// invoked with no arguments, so inside it each of those names resolves to
// `undefined` instead of the real global.
//
// NOTE(review): this hides names; it does not isolate code. The list is a
// fixed denylist, so any global that is not spelled out here (XMLHttpRequest,
// for one, is absent) stays visible, as does anything a later browser version
// adds. Do not treat it as a security boundary for untrusted scripts. A
// sandboxed iframe or a Worker behind a message-passing API, combined with a
// Content Security Policy, is the mechanism that actually isolates them.
(function(
  top, window, location, external, chrome, document, speechSynthesis,
  webkitStorageInfo, indexedDB, webkitIndexedDB, crypto, localStorage,
  sessionStorage, applicationCache, performance, CSS, console,
  devicePixelRatio, styleMedia, parent, opener, frames, self, defaultstatus,
  defaultStatus, status, name, length, closed, pageYOffset, pageXOffset,
  scrollY, scrollX, screenTop, screenLeft, screenY, screenX, innerWidth,
  innerHeight, outerWidth, outerHeight, frameElement, clientInformation,
  navigator, toolbar, statusbar, scrollbars, personalbar, menubar, locationbar,
  history, screen, ondeviceorientation, ondevicemotion, postMessage, close,
  blur, focus, onautocompleteerror, onautocomplete, onunload, onstorage,
  onpopstate, onpageshow, onpagehide, ononline, onoffline, onmessage,
  onlanguagechange, onhashchange, onbeforeunload, onwaiting, onvolumechange,
  ontoggle, ontimeupdate, onsuspend, onsubmit, onstalled, onshow, onselect,
  onseeking, onseeked, onscroll, onresize, onreset, onratechange, onprogress,
  onplaying, onplay, onpause, onmousewheel, onmouseup, onmouseover, onmouseout,
  onmousemove, onmouseleave, onmouseenter, onmousedown, onloadstart,
  onloadedmetadata, onloadeddata, onload, onkeyup, onkeypress, onkeydown,
  oninvalid, oninput, onfocus, onerror, onended, onemptied, ondurationchange,
  ondrop, ondragstart, ondragover, ondragleave, ondragenter, ondragend, ondrag,
  ondblclick, oncuechange, oncontextmenu, onclose, onclick, onchange,
  oncanplaythrough, oncanplay, oncancel, onblur, onabort, onwheel,
  onwebkittransitionend, onwebkitanimationstart, onwebkitanimationiteration,
  onwebkitanimationend, ontransitionend, onsearch, getSelection, print, stop,
  open, alert, confirm, prompt, find, moveBy, moveTo, resizeBy, resizeTo,
  matchMedia, getComputedStyle, getMatchedCSSRules, requestAnimationFrame,
  cancelAnimationFrame, webkitRequestAnimationFrame,
  webkitCancelAnimationFrame, webkitCancelRequestAnimationFrame, captureEvents,
  releaseEvents, btoa, atob, setTimeout, clearTimeout, setInterval,
  clearInterval, scrollBy, scrollTo, scroll, TEMPORARY, PERSISTENT, fetch,
  webkitRequestFileSystem, webkitResolveLocalFileSystemURL, openDatabase,
  addEventListener, removeEventListener, dispatchEvent
) {
  // Inner scope for the injected code. It receives the public `api` object,
  // and `privateApi` is passed as `undefined` so that name is shadowed too.
  (function(api, privateApi) {
    // --- third-party code would be placed here ---

    // This assignment lands on the shadowing parameter `onload`, not on the
    // real load handler, so the function is never registered and never runs
    // when the page loads.
    onload = function() {
      api.log('loaded');
    };

    // The public api is the only thing the third party is meant to call.
    api.log('hello!');

    // Known limitation: assigning to an undeclared name still creates a
    // global, so globals remain readable and writable from in here. All
    // private page logic therefore has to be non-global or shadowed as well.
    foo = 1;
  })(api, undefined);
})();