I've got a weird question in that I need to inject some javascript into another javascript function. I am using a framework which is locked so I can not change the existing function.
What I've got is something like this
function doSomething(){
...
}
...***
I can manipulate the ***(above) however I can not change the doSomething function... Instead I need to somehow inject a few lines of code into the end of the doSomething code.
The reason I need to do this is that the custom framework calls doSomething() and this results in an ID being returned from the server that I need to extract. This ID is only referenced inside the doSomething function so I can not catch it unless I inject code to that function (unless I've missed something).
Is there a way to do this?
Alias it.
var oldDoSomething = doSomething;
doSomething = function() {
// Do what you need to do.
return oldDoSomething.apply(oldDoSomething, arguments);
}
Thanks for all your feedback. Each answer gave me a clue and as such I've come up with the following solution.
<body>
<script type="text/javascript">
var val;
function doSomething(item1, item2) {
var id = 3;
}
function merge() {
var oScript = document.createElement("script");
var oldDoSomething = doSomething.toString();
oScript.language = "javascript";
oScript.type = "text/javascript";
var args = oldDoSomething.substring(oldDoSomething.indexOf("(") + 1, oldDoSomething.indexOf(")"));
var scr = oldDoSomething.substring(oldDoSomething.indexOf("{") + 1, oldDoSomething.lastIndexOf("}") - 1);
var newScript = "function doSomething(" + args + "){" + scr + " val = id; }";
oScript.text = newScript;
document.getElementsByTagName('BODY').item(0).appendChild(oScript);
}
merge();
</script>
<input type="button" onclick="doSomething();alert(val);" value="xx" />
Altering the function by working with the source code strings can be quite simple. To do it for a specific instance, try:
eval(doSomething.toString().replace(/}\s*$/, ' return id; $&'));
Now doSomething
returns the ID. I'm not normally a fan of eval
, but normal aspect oriented programming techniques don't apply here, due to the requirement for accessing a local variable.
If doSomething
already returns a value, try wrapping the body in a try ... finally
:
eval(doSomething.toString()
.replace(/^function *\w* *\([^)]*\) *{/, '$& try {')
.replace(/}\s*$/, '} finally { window.someID = id; } $&')
);
To turn this into a function, we need to make the code evaluate in global scope. Originally, this answer made use of with
to change the scope of the eval
, but this doesn't currently work in browsers. Instead, .call
is used to change the scope of eval
to window
.
(function () {
var begin = /^function\s*\w*\s*\([^)]*\)\s*{/,
end = /}\s*$/;
function alter(func, replacer) {
var newFunc = replacer(func.toString());
eval.call(window, newFunc);
}
function insertCode(func, replacer, pattern) {
alter(func, function (source) {
return source.replace(pattern, replacer);
});
};
/* Note: explicit `window` to mark these as globals */
window.before = function (func, code) {
return insertCode(func, '$& ' + code, begin);
};
window.after = function (func, code) {
return insertCode(func, code + ' $&', end);
};
window.around = function (func, pre, post) {
/* Can't simply call `before` and `after`, as a partial code insertion may produce a syntax error. */
alter(func, function(source) {
return source
.replace(begin, '$& ' + pre)
.replace(end, post + ' $&');
});
};
})();
...
after(doSomething, 'return id;');
/* or */
around(doSomething, 'try {', '} finally { window.someID = id; }');
If you want to rewrite methods and anonymous functions bound to variables, change alter
to:
...
function alter(func, replacer) {
var newFunc = replacer(eval('window.' + funcName).toString());
eval.call(window, newFunc);
}
...
function Foo() {}
Foo.prototype.bar = function () { var secret=0x09F91102; }
...
after('Foo.prototype.bar', 'return secret;');
Note the first argument to the functions are now strings. Further improvements could be made to handle methods that aren't accessible in global scope.
I'm not sure what you mean by "locked" - JavaScript is interpreted by your browser. Even if it has been minified or encoded, you can still copy the source of that function from source of the page of script. At that point, you reassign the original function to one of your own design, which contains the copied code plus your own.
var id;
var myFunction = function() {
// code copied from their source, which contains the variable needed
// insert your own code, such as for copying the needed value
id = theirIDvalue;
// return the value as originally designed by the function
return theirValue;
};
theirObject.theirFunction = myFunction;
function doSomething() { ... }
var oldVersionOfFunc = doSomething;
doSomething = function() {
var retVal = oldVersionOfFunc.apply(oldVersionOfFunc, args);
// your added code here
return retVal;
}
This seems to provoke an error (Too much recursion)
function doSomething(){ document.write('Test'); return 45; }
var code = 'myDoSomething = ' + doSomething + '; function doSomething() { var id = myDoSomething(); document.write("Test 2"); return id; }';
eval(code)
doSomething();
This works for me, even if it is ugly.
Functions are first class values in Javascript, which means that you can store them in variables (and in fact, declaring a named function is essentially assigning an anonymous function to a variable).
You should be able to do something like this:
function doSomething() { ... }
var oldVersionOfFunc = doSomething;
doSomething = function() {
var retVal = oldVersionOfFunc.apply(oldVersionOfFunc, args);
// your added code here
return retVal;
}
(But, I could be wrong. My javascript's a little rusty. ;))
I can not change the doSomething function... Instead I need to somehow inject a few lines of code into the end of the doSomething code
Injecting a few lines into the end of the doSomething
code sounds like changing the doSomething
function, to me. I think, unfortunately, that you’re screwed.
(I’m a bit hazy on all this, but I think functions are how people who worry about such things implement information hiding in JavaScript, precisely because you can’t access their scope from outside them.)