InformAction Forums

Hello there,

I love NoScript and RequestPolicy. These are my favourite addons of which I have many. I just have one request.

I really would love to be able to customize the JavaScript DOM that an executing script can use. I have been reading the GreaseMonkey code and it seems it runs the script in a sandbox on the page. It does not intercept the actual javascript calls itself.

The reasons I would like to do this is to:

• Intercept access to window.screen, navigator, java object, navigator.plugins, document.referrer, mimetypes and make them inaccessible
• Turn off the eval function

You can use page-level script surrogates to that effect, see http://hackademix.net/2010/01/06/noscri ... op-unders/

I am guessing I can therefore change noscript.surrogate.popunder.replacement

to redefine my own eval functions and modify the objects usually used for browser sniffing?

I do fear it could be countered by the counters to this:
http://www.thespanner.co.uk/2009/04/08/ ... avascript/