Here is a simple page:
<!DOCTYPE HTML>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Test page</title>
<script type="text/javascript">
function foo (num) {
alert(num);
}
</script>
</head>
<body>
Hello World
<script type="text/javascript">
foo(2);
</script>
</body>
</html>
I'd like to write a Chrome extension to prevent the execute of the bottom script(foo(2)).
I tried to write a content script which removes the last script tag with:
document.body.removeChild(document.body.lastChild);
but it does not work.
I think this may be because the content script runs after the last script line has executed. then I tried to set the run_at to document_start or document_end, but none of them work for me..
I faced the same problem during development of the Don't track me Google User script / extension.
Important note
The window object in a Chrome contentscript cannot be accessed directly, in any way.
I have tested many methods, and the only reliable method is injecting the code through a dynamically created script tag. Have a look at this answer, or my extension's source code for more information.
I solved it by using Object.defineProperty. With this method, you can define a property, and specify information about the getter, setter and property descriptors. In your case:
Object.defineProperty(window, 'foo', {
value: function(){/*This function cannot be overridden*/}
});
Or, if you want to capture the variable, and use it later:
(function() {
var originalFoo = function(){/*Default*/};
Object.defineProperty(window, 'foo', {
get: function(){
if (confirm('function logic')) return function(){/*dummy*/};
else return originalFoo;
},
set: function(fn){originalFoo = fn;}
});
})();
Bug in Chrome 17 Bug #115452 Fixed!
In Chrome 17, using V8 3.7.12.12 (but not in Chrome 16, using V8 3.6.6.19), Function declarations override the property descriptors.
See http://jsfiddle.net/bHUag/
Note that this bug seems to not be applied when the function declaration and property descriptor method are in the same block. This is false, though. The effect is not visible, because function declarations are always evaluated before the code block. So, function foo(){} is evaluated first, then the rest of the code.
<script>
Object.defineProperty(window, 'foo', {value: function(){return 5;} });
</script><script>
function foo(){return 1};
alert(foo()); // Shows 5 in all browsers except for Chrome v17
</script>
I think it's worth mentioning the relatively new metadata item // @unwrap which takes the userscript out of the sandbox that userscripts normally run in. More info:
https://wiki.greasespot.net/Metadata_Block#.40unwrap
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 在下西门庆 的文章《Stop a function from execute with Chrome extension》','https://www.manongdao.com/article-135164.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}