Page 2 of 2
Re: Blocking on an API basis
Posted: Sun Apr 12, 2015 8:09 pm
by phyks
Well, I had a try with Object.defineProperty, but I could not get it to work fine with RTCPeerConnection. On the contrary, my (not so nice) solution to set brutally mozRTCPeerConnection to false seems to be working.
I had a look with a debugger, and trying to access window.mozRTCPeerConnection returns false (in the console), and so does it in the script running (with a breakpoint in the if statement with the iframe trick, I can confirm it enters the iframe due to this script).
Re: Blocking on an API basis
Posted: Sun Apr 12, 2015 8:37 pm
by barbaz
Looks like you need to supply a getter that returns a function.
Code: Select all
Object.defineProperty(window, 'mozRTCPeerConnection', {get:function(){console.log('rtc');return function(){};},set:function(){}});
(Weird, that wasn't needed before...)
Re: Blocking on an API basis
Posted: Mon Apr 13, 2015 1:29 pm
by phyks
Indeed, it works. Thanks a lot!
It's really weird that I have to return a function in the getter… Do you have any idea why is this happening? Especially as manually overriding mozRTCPeerConnection, brutally, was working, but only in the main window and not in the iframe.
Thanks
Re: Blocking on an API basis
Posted: Mon Apr 13, 2015 4:27 pm
by barbaz
phyks wrote:It's really weird that I have to return a function in the getter… Do you have any idea why is this happening?
No, it's black magic to me.
I have no idea why I even tried that in the first place.
Also, that trick isn't needed in SeaMonkey.
Re: Blocking on an API basis
Posted: Mon Apr 13, 2015 10:38 pm
by phyks
Arf =( I am not a huge fan of black magic,especially when it comes to security concerns… But it works and will do the trick for a PoC
I'll try to find more infos about what is happening, and will have a look at plugins API in Firefox, to have something that may be more robust.
Re: Blocking on an API basis
Posted: Tue Apr 14, 2015 12:18 am
by barbaz
phyks wrote:Arf =( I am not a huge fan of black magic,especially when it comes to security concerns…
+1
phyks wrote:But it works and will do the trick for a PoC
Good, especially since
that PoC is not designed to work around this trick, it's coincidence that it's being difficult here
phyks wrote:I'll try to find more infos about what is happening, and will have a look at plugins API in Firefox, to have something that may be more robust.
This method is robust for the time being... but please post your findings if you find anything noteworthy or interesting. I too like to block individual JS properties, and if there's a better way I'd like to know.