Created
November 7, 2012 07:08
-
-
Save DigiTec/4029947 to your computer and use it in GitHub Desktop.
Polyfills unsafe functions in WWA so you can inject any content you want without security exceptions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use strict"; | |
| if (window.MSApp && window.MSApp.execUnsafeLocalFunction) { | |
| (function () { | |
| var _originalWrite = Document.prototype.write; | |
| var _originalWriteln = Document.prototype.writeln; | |
| Object.defineProperties(Document.prototype, { | |
| write: { | |
| value: function write() { | |
| var targetDocument = this; | |
| var targetArguments = arguments; | |
| MSApp.execUnsafeLocalFunction(function () { | |
| _originalWrite.apply(targetDocument, targetArguments); | |
| }); | |
| } | |
| }, | |
| writeln: { | |
| value: function writeln() { | |
| var targetDocument = this; | |
| var targetArguments = arguments; | |
| MSApp.execUnsafeLocalFunction(function () { | |
| _originalWriteln.apply(targetDocument, targetArguments); | |
| }); | |
| } | |
| } | |
| }); | |
| var _originalInnerHTML = Object.getOwnPropertyDescriptor(HTMLElement.prototype, "innerHTML"); | |
| var _originalOuterHTML = Object.getOwnPropertyDescriptor(HTMLElement.prototype, "outerHTML"); | |
| Object.defineProperties(HTMLElement.prototype, { | |
| innerHTML: { | |
| get: _originalInnerHTML.get, | |
| set: function set_innerHTML(value) { | |
| var targetElement = this; | |
| MSApp.execUnsafeLocalFunction(function () { | |
| _originalInnerHTML.set.call(targetElement, value); | |
| }); | |
| } | |
| }, | |
| outerHTML: { | |
| get: _originalOuterHTML.get, | |
| set: function set_outerHTML(value) { | |
| var targetElement = this; | |
| MSApp.execUnsafeLocalFunction(function () { | |
| _originalOuterHTML.set.call(targetElement, value); | |
| }); | |
| } | |
| } | |
| }); | |
| })(); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
One thing to note about this feature. Having an implicit toStaticHTML at the injection points in your code can protect you from content which you don't control. If you decide to remove this implicit protection then you have to provide it yourself whenever you are working with untrusted content. I know for a fact that many of my games and other websites don't have untrusted content and so removing the protection makes porting to WWA a lot easier. But if you are unsure, you should either not use the poly-fill or you should do your own calls to toStaticHTML.