JavaScript engine interception?

Bug reports and enhancement requests
Post Reply
Chronological
Posts: 3
Joined: Wed Jun 02, 2010 1:20 pm

JavaScript engine interception?

Post by Chronological »

Hello there,

I love NoScript and RequestPolicy. These are my favourite addons of which I have many. I just have one request.

I really would love to be able to customize the JavaScript DOM that an executing script can use. I have been reading the GreaseMonkey code and it seems it runs the script in a sandbox on the page. It does not intercept the actual javascript calls itself.

The reasons I would like to do this is to:
  • Intercept access to window.screen, navigator, java object, navigator.plugins, document.referrer, mimetypes and make them inaccessible
  • Turn off the eval function
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)
Top
User avatar
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:
Contact Giorgio Maone

Re: JavaScript engine interception?

Post by Giorgio Maone »

You can use page-level script surrogates to that effect, see http://hackademix.net/2010/01/06/noscri ... op-unders/
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Top
Chronological
Posts: 3
Joined: Wed Jun 02, 2010 1:20 pm

Re: JavaScript engine interception?

Post by Chronological »

I am guessing I can therefore change noscript.surrogate.popunder.replacement

to redefine my own eval functions and modify the objects usually used for browser sniffing?

I do fear it could be countered by the counters to this:
http://www.thespanner.co.uk/2009/04/08/ ... avascript/
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)
Top
Post Reply

Return to “NoScript Development”