Prevent script execution with MutationObserver in Firefox?
Posted: Mon May 03, 2021 4:30 pm
(Spinning off from viewtopic.php?p=103934#p103934 to keep that thread on topic -)
(IIRC from other examples, in Chromium this would work, i.e. the alert would not show.)
How do you get MutationObserver to prevent script execution in Firefox? This example doesn't for me -Giorgio Maone wrote: ↑Mon May 03, 2021 2:22 pm MutationObserver callbacks are called after the DOM is modified (but before most side effects of that modification, like repaints or script parsing and execution, happen).
Code: Select all
data:text/html,<meta charset="utf-8"><script>let m=new MutationObserver((ra)=>{for(let r of ra){for(let n of r.addedNodes){if(n.tagName=='SCRIPT')n.remove();}}});m.observe(document.documentElement,{childList:true,subtree:true});window.addEventListener('DOMContentLoaded',(ev)=>{let s=document.createElement('script');s.textContent='alert(1)';document.body.appendChild(s);},false);</script>