All geek questions in one place

How to block javascript function for local area? I want it not to use global variables

Is there a way to prevent the function from being used by global variables like document , window , navigator and other declared global functions?

EDIT1: And if I could choose which global objects would be limited, that would be great, because I would like to let the function use the Math object as an example and it functions ...

+3
source share
2 answers

Is there a way to prevent the use of a function by global variables such as a document, window, navigator, and other declared global functions?

No, if ...

The only way this task is possible is that the lexical domain of functions can be changed - that is, the source is somehow modified, for example, wraps it, as shown below.

Imagine:

 ;(function () { var window = "Hello" // original content function foo () { alert(window) } foo() })()

This approach is often used in libraries to create private namespaces, but in these cases, the original source is also available and designed with this in mind. I used this with document before to change the local version of jQuery.

Although with may look promising at first, itโ€™s important to understand that this is just a lexical construct and also does not introduce dynamic variables.

Happy coding.

+5
source

You can ask your users to limit themselves to ADsafe . On the website:

ADsafe allows you to safely place guest code on the web page (for example, ads or third-party widgets). ADsafe defines a subset of JavaScript that is powerful enough to allow guest code to perform valuable interactions while at the same time preventing malicious or accidental damage or intrusion. A subset of ADsafe can be checked mechanically with tools such as JSLint so that no human inspection is required to verify the guest code for security. A subset of ADsafe also provides good coding techniques, increasing the likelihood that guest code will work correctly.

If you check the correct box, JSLint will verify that the code is ADsafe-compatible and therefore safe to run on your site.

0
source

Source: https://habr.com/ru/post/1233641/

More articles:


All Articles