Ok thank you :) Sent from my smartphone. On Aug 27, 2011 12:30 PM, "Lasse Reichstein" <[email protected]> wrote: > On Sat, Aug 27, 2011 at 1:00 AM, xavierm02 <[email protected]> wrote: > >> How to restore Object.prototype.hasOwnProperty if it has been overwritten? >> >> > Generally, you can't. There is nothing in the ECMAScript language > specification that allows you to restore a property after it has been > overwritten. After all, the original value might not even exist any more - > with no more references to it, it can easily have been garbage collected. > > >> Let's say you have a dumbass doing this: >> >> Object.prototype.hasOwnProperty = 1; >> >> This will never happen, but let's assumje it did. >> > > That might never happen, but someone replacing it with a malicious function > is more likely. > > >> How can you restore the default value? >> > > In pure ECMAScript, you can't. > If someone malicious got to run code in the page before you, you can't trust > anything, and there's nothing you can do. They can install a "javascript > rootkit" that takes over all the important functions and replaces them with > something that hides the subterfuge, and that also prevents you from > reversing it. > > You can try using Object.getOwnPropertyDescriptor to see if the object has > the property, but that might be mangled too. > > Or Object.getOwnPropertyNames and check if the property name is in the list. > > > In a browser, you might be able to do something, if the damage isn't total. > > One option is to create a new frame and take the > Object.prototype.hasOwnProperty from there. It's not the same function > object, but it might still might work the same way. > > In some browsers, Safari and Chrome at least, deleting the bad value will > reveal the original value again. > > You can use either Object.getPrototypeOf or __proto__ (with a preference on > the other, because it's not as easily modified) to check: > prop in object && !(prop in object.__proto__) > which is not same check as hasOwnProperty (if the property is both on the > object and also in its prototype chain), but might work in cinch. > > > > I tried several things but none worked... >> >> delete Object.prototype.hasOwnProperty;// true >> Object.prototype.hasOwnProperty;// undefined >> > > Would actually work in Safari and Chrome (since it copies Safari), but > that's not general. > > >> delete Object.prototype;// false >> > >> So I just don't know how to do it... >> >> And how come they protect the prototype but not its properties ? >> > > Design choices leading back to the start of Javascript. They actually want > you to be able to overwrite built-in functions with your own. > Security-wrappers want to do that. So does malicious code :( > > /L > > -- > To view archived discussions from the original JSMentors Mailman list: http://www.mail-archive.com/[email protected]/ > > To search via a non-Google archive, visit here: http://www.mail-archive.com/[email protected]/ > > To unsubscribe from this group, send email to > [email protected]
-- To view archived discussions from the original JSMentors Mailman list: http://www.mail-archive.com/[email protected]/ To search via a non-Google archive, visit here: http://www.mail-archive.com/[email protected]/ To unsubscribe from this group, send email to [email protected]
