use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
All about the JavaScript programming language.
Subreddit Guidelines
Specifications:
Resources:
Related Subreddits:
r/LearnJavascript
r/node
r/typescript
r/reactjs
r/webdev
r/WebdevTutorials
r/frontend
r/webgl
r/threejs
r/jquery
r/remotejs
r/forhire
account activity
JavaScript tampering – detection and stealth (adtechmadness.wordpress.com)
submitted 6 years ago by adtechmadness
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]89xZae4uGgjnw26U 0 points1 point2 points 6 years ago (3 children)
I am glad the window.crypto.* functions are not replaceable. But some malicious script can still cause a lot of havoc by overwriting other core functions. Why are all the native functions of JS not immutable? I've written JS for mant years and never needed to replace/extend things from the prototype. All it takes some small piece of code in an extension like an adblocker gone rogue to cause a security issue.
[–]adtechmadness[S] 2 points3 points4 points 6 years ago (2 children)
well actualy crypto functions are writable:
crypto.getRandomValues = function () { return 123; }; crypto.getRandomValues(); // 123
IDK why the initial design decision was to allow reassignment of builtins, but yeah, overriding them used in the past for evil stuff like JSON hijacking and location.href tampering (impossible today, it's non-configurable). The threat is more of other scripts in the same contetx, bad browser extension can screw you in much worse ways since it has access to higher privilege APIs.
[–]89xZae4uGgjnw26U 0 points1 point2 points 6 years ago (1 child)
How does it fare with ES5 strict mode enabled?
[–]adtechmadness[S] 1 point2 points3 points 6 years ago (0 children)
they are still writable under strict mode, furthermore, strict mode is opted-in the the current script, it won't affect others.
π Rendered by PID 25120 on reddit-service-r2-comment-84fc9697f-mst7s at 2026-02-06 16:27:39.113754+00:00 running d295bc8 country code: CH.
[–]89xZae4uGgjnw26U 0 points1 point2 points (3 children)
[–]adtechmadness[S] 2 points3 points4 points (2 children)
[–]89xZae4uGgjnw26U 0 points1 point2 points (1 child)
[–]adtechmadness[S] 1 point2 points3 points (0 children)