• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 557
  • Last Modified:

Redefining builtin functions

JavaScript is an amazing language.  I love it.  But there's problems too! =)
In JS one can redefine builtin functions.  In short, demonstrated in this page:

<html>
<head>
<script>
prompt=function(){alert("You cannot use prompt!");}
</script>
</head>
<body>
<a href="javascript:prompt('What is the secret?');">Ask</a>
</body>
</head>

This effects me because I've written a password generator bookmarklet that I'm quite proud of.  But it has the distinct security vulnerability that any site you visit can redefine the prompt command and steal your master input.

Is there a way in JS to detect when a function has been redefined like this?  Is there a way to call the standard builtin function either way?  Any other information that might effect my problem?
0
arantius
Asked:
arantius
  • 5
  • 5
  • 3
  • +1
2 Solutions
 
GwynforWebCommented:
<html>
<head>
<script>
 otherPrompt=prompt
 prompt=function(){alert("You cannot use prompt!");}
</script>
</head>
<body>
 <a href="javascript:otherPrompt('What is the secret?');">Ask</a>
</body>
</head>
0
 
devicCommented:
here is my example:
====================
<html>
<head>
<script>
window.prompt=function(){alert("You cannot use prompt!");}

document.onclick=function ()
{
      if(!(prompt+"").match(/\[native code\]/))
      {
            alert("alaram, we have a situation here!")
            return false;
      }
      return true;
}
</script>
</head>
<body>
<a href="javascript:prompt('What is the secret?','');">Ask</a>

</body>
</html>
0
 
Oliver_DornaufCommented:
Should secret code (password generator) executed in a not trusted environment (internet zone)???
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
arantiusAuthor Commented:
The password generator is a bookmarklet as I mentioned briefly in my original post.  It is trusted, but the sites that you visit which it operates on are not necessarily trusted.
It's here, for reference:  http://www.arantius.com/article/arantius/password+maker+bookmarklet/

In theory, any site you are currently viewing could redefine the prompt method and thus steal the master password.  Which would be bad =)

Gwyn: That won't work in a bookmarklet type of environment.
devic: Interesting, I'm checking that out.
0
 
arantiusAuthor Commented:
devic:  Very close but not quite.

<html>
<head>
<script>
window.prompt=function(){fakeout="[native code]";alert("You cannot use prompt!");}

document.onclick=function ()
{
     if(!(prompt+"").match(/\[native code\]/))
     {
          alert("alaram, we have a situation here!")
          return false;
     }
     return true;
}
</script>
</head>
<body>
<a href="javascript:prompt('What is the secret?','');">Ask</a>

<a href="javascript:alert( prompt.toString() );">Test</a>

</body>
</html>


Yes, this is a very difficult challenge!
0
 
devicCommented:
document.onclick=function ()
{
      if((prompt+"").length!=41)
      {
            alert("alaram, we have a situation here!")
            return false;
      }
      return true;
}
0
 
arantiusAuthor Commented:
Well then it wouldn't be hard to redefine it to contain exactly the right number of characters, and just call an external function!
I suppose the only way is to really check for the entirety of the original content that evaluates to "[native code]" either checking the length as well, or the whole 3 lines of it.
0
 
devicCommented:
arantius, try again

document.onclick=function ()
{
      var p=prompt+"";
      if(p.length!=41 || p.substr(25,13)!="[native code]")
      {
            alert("alaram, we have a situation here!");
            return false;
      }
      return true;
}
0
 
GwynforWebCommented:
try this

document.body.innerHTML+='<iframe name=i1></frame>';
prompt=i1.prompt;
0
 
arantiusAuthor Commented:
Ah yes devic, much closer to perfect.  And sneaky Gwyn, I like it !

These are sufficient answers for me.  I'm going to split the points because it's impossible to choose between those two solutions.
0
 
devicCommented:
yep, I like Gwyn's idea too :)
0
 
GwynforWebCommented:
thx for the points, :)
(make the iframe height and width 0 of course),
0
 
arantiusAuthor Commented:
For a little trivia, I've worked myself to this point.
I'd love one to work but it doesn't (might work with a little tweaking).  Three matches Gwyn's actual suggestion but works in IE only.  Two works in Firefox and IE.


<html>
<head>
<script>
function foo1() {
      i=document.createElement("iframe");
      document.body.appendChild(i);
      i.prompt("Yes?");
}
function foo2() {
      document.body.innerHTML+='<iframe name="i1" height="0" width="0"></frame>';
      i1.prompt("Yes?");
}
function foo3() {
      document.body.innerHTML+='<iframe name="i1" height="0" width="0"></frame>';
      prompt=i1.prompt;      
      prompt("Yes?");
}
window.prompt=function(){alert("hahah!");};
</script>
</head>

<body>
<button onclick="javascript:foo1();">Foo1</button>
<button onclick="javascript:foo2();">Foo2</button>
<button onclick="javascript:foo3();">Foo3</button>
<br>
</body>
</html>
0
 
devicCommented:
hi arantius, check this:
==================
<html>
<head>
<script>
function myprompt(str)
{
      var sp=document.createElement("span");
      sp.innerHTML="<iframe name=sembel_NET style=display:none></iframe>"
      document.body.appendChild(sp);
      return window.frames["sembel_NET"].prompt(str,";)");
}
window.prompt=function(){alert("hahah!");};
</script>
</head>

<body>
<button onclick="alert(myprompt('Yes?'));">Foo1</button>
</body>
</html>
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 5
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now