some_guard.js

function SOMEGuard(callbackStr) {
	var o = [], flag = true, i, callbackObj;
	callbackStr = callbackStr.replace(/[^\w.]/gi,'').split('.');
	for(i=0;i<callbackStr.length;i++) {
 		o.push(callbackStr[i]);
 		try {
 			callbackObj = Function("return window."+o.join('.'))();
 			if(callbackObj === window.opener) {
 	 			flag = false;
   				break;
  			}
			if(window.HTMLElement) {
				if(callbackObj instanceof HTMLElement) {
					flag = false;
					break;
				}
			} 
			if(window.Node) {
				if(callbackObj instanceof Node) {
					flag = false;
					break;
				}
			}
			if(typeof callbackObj === 'object' && typeof callbackObj.nodeType === 'number' && typeof callbackObj.nodeName === 'string') {
				flag = false;
				break;
			}
			if(callbackStr[i] === 'returnValue') {
				flag = false;
				break;
			}
			
  		} catch(e){
    			flag = false;
  		}
 	}
	return flag;
}

o={func:function(){alert('Called');}};
if(SOMEGuard('o.func')) {
  o.func();
  alert('Allowed');
} else {
  alert('Denied');
}   
if(SOMEGuard('document.body')) {
  alert('Allowed');
} else {
  alert('Denied');
}