[Greasemonkey] Alternative script injection technique proof of concept

Bill Donnelly donnelly at snowcrest.net
Sat Jul 23 03:41:18 EDT 2005

I'm not sure if I understand what you're saying.

If someone redefines
and you
  "delete document.getElementById",
then it will still NOT call the correct native value?

And, if this is true, then there MUST be some _minimum level_
of "scope chain" values that you can delete to ALWAYS achieve
the desired result. Right?

I would think that would be, in most cases (for 'base' methods, e.g.),
two levels:

the prototype value and the non-prototype value (or whatever
that level is called)

So, to be VERY sure, what you should do is:

delete window (not necessary, because window is not redefinable, right?)
delete window.document
delete window.document.getElementById
delete window.document.__proto__.getElementById (?)

Or, what am I missing and/or not understanding?

Aaron Boodman wrote:

 >>So, any time you REALLY want to make sure that someone hasn't
 >>redefined some function/method or property/field, just delete
 >>the reference to it and you are ensured that you will get the
 >>real, native value.
 >This is only true if the prop was redefined on the object you're
 >deleting it from. The problem is that it can be redefined anywhere in
 >the scope chain.
 >gm: document.getElementById("foo")
 >content: document.getElementById = function(){}
 >gm: delete document.getElementById
 >content: document.__proto__.getElementById = function(){}
 >gm: delete document.__proto__.getElementById
 >content: document.__proto__ = new Object();
 >ad infinitum...
 >The only way to be sure is to use XPCNativeWrapper. And even then, it
 >only works on XPCOM objects. Greasemonkey 0.4.1 (the next version)
 >will provide two XPCNativeWrapper starting points for user scripts:
 >one for window, and one for document.
 >So with GM 0.4.1 + FF DPa2+, when you do document.getElementById, or
 >window.location.href, you know you're getting the native values.

Jack the Ripper may have been quite insane,
but he had beautiful penmanship.
btw -- Don't look back!
The lemmings are gaining on you.
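
An added example, not part of the original message or of Greasemonkey: it models the exchange above on a plain JavaScript object and shows what the proposed two-level delete recovers under each kind of redefinition. The object layout, makeDocument, cleanse and the scenario names are assumptions made for illustration; a real document object and XPCNativeWrapper are not reproduced here.

```javascript
// Constructed stand-in for a DOM document (not a real browser object):
// doc -> proto -> nativeLevel, with the genuine method on nativeLevel.
function makeDocument() {
  const nativeLevel = { getElementById(id) { return "native:" + id; } };
  return Object.create(Object.create(nativeLevel));
}

const fake = () => "spoofed"; // what the content page installs

// The two-level delete proposed in the message above.
function cleanse(doc) {
  delete doc.getElementById;
  delete Object.getPrototypeOf(doc).getElementById;
}

// Apply one kind of tampering, cleanse, then report what a caller would get.
function afterCleanse(tamper) {
  const doc = makeDocument();
  tamper(doc);
  cleanse(doc);
  return typeof doc.getElementById === "function"
    ? doc.getElementById("foo")
    : "missing";
}

const tampering = {
  // Redefined on the object itself: the delete uncovers the native method.
  ownProperty: (doc) => { doc.getElementById = fake; },
  // Redefined on the immediate prototype: the second delete uncovers it.
  prototypeProperty: (doc) => { Object.getPrototypeOf(doc).getElementById = fake; },
  // Prototype replaced by an empty object: the native method is unreachable.
  prototypeReplaced: (doc) => { Object.setPrototypeOf(doc, {}); },
  // Prototype replaced by a chain that defines the fake one level deeper
  // than cleanse() looks: the spoofed function survives both deletes.
  deeperChain: (doc) => {
    Object.setPrototypeOf(doc, Object.create({ getElementById: fake }));
  },
};

function runAll() {
  const out = {};
  for (const [name, tamper] of Object.entries(tampering)) out[name] = afterCleanse(tamper);
  return out;
}

console.log(runAll());
```

Any fixed number of deletes can be outrun by one more level of redefinition, which is why the reply points to a wrapper that bypasses the page-visible chain rather than to cleaning it.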
