Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
security
security = function dom_load_security():void {
const scripts:HTMLCollectionOf<HTMLScriptElement> = document.getElementsByTagName("script"),
exclusions:string[] = [
"", //put relative addresses for your authorized scripts here
],
len:number = scripts.length,
exlen:number = exclusions.length;
let a:number = 0,
b:number = 0,
src:string = "";
// this prevents errors, but it also means you are executing too early.
if (len > 0) {
do {
src = scripts[a].getAttribute("src");
if (src === null) {
break;
}
if (src.indexOf("?") > 0) {
src = src.slice(0, src.indexOf("?"));
}
b = 0;
do {
if (src.indexOf(exclusions[b]) > -1) {
break;
}
b = b + 1;
} while (b < exlen);
if (b === exlen) {
break;
}
a = a + 1;
} while (a < len);
if (a < len) {
let warning:HTMLDivElement = document.createElement("div");
warning.setAttribute("id", "security-warning");
warning.innerHTML = `<h1>Warning</h1><h2>This page contains unauthorized script and may be a security risk.</h2><code>${(src === null) ? scripts[a].innerHTML : src}</code>`;
document.getElementsByTagName("body")[0].insertBefore(warning, document.getElementsByTagName("body")[0].firstChild);
}
}
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.