"malicious" according to who? Somehow this article makes me think those trying to do things like this are on the pro-DRM side, which I absolutely abhor. The slow and forceful insertion of JS where it's not needed means users will increasingly need to inject and modify JS to retain control of their experience.
I think this was posted because the of the recent Npm malware fiasco. The malware monkey-patched native JS functions to replace strings that matched crypto addresses in certain the fetch, and XMLHttpRequest functions:
Considering there's no way to check whether a function is monkey-patched, this just tells me the JavaScript ecosystem was not designed with malicious actors in mind
It wasn't, but that is not why.
of course one can simply monkey patch `toString`, or provide a symbol such that an object stringifies to that value, but sure
>// Store a reference of the original "clean" native function before any
>// other script has a chance to modify it.
joke is on you, adblock loads first and there is no way you will grab unmodified functions to detect it
What is this even good for? When someone decides you now run in a JS emulator, why should you care and try to break out?
Be it for malicious intent
"malicious" according to who? Somehow this article makes me think those trying to do things like this are on the pro-DRM side, which I absolutely abhor. The slow and forceful insertion of JS where it's not needed means users will increasingly need to inject and modify JS to retain control of their experience.
I think this was posted because the of the recent Npm malware fiasco. The malware monkey-patched native JS functions to replace strings that matched crypto addresses in certain the fetch, and XMLHttpRequest functions:
https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com...
Considering there's no way to check whether a function is monkey-patched, this just tells me the JavaScript ecosystem was not designed with malicious actors in mind
It wasn't, but that is not why.
of course one can simply monkey patch `toString`, or provide a symbol such that an object stringifies to that value, but sure
>// Store a reference of the original "clean" native function before any >// other script has a chance to modify it.
joke is on you, adblock loads first and there is no way you will grab unmodified functions to detect it
What is this even good for? When someone decides you now run in a JS emulator, why should you care and try to break out?