Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- <title>Test JS secure</title>
- </head>
- <body>
- <div id='tt'>
- try to get me, my id is "tt"<br/>
- write in address url : <br/>
- javascript:alert(1);<br/>
- javascript:tmp_alert(1);<br/>
- javascript:tmp_alert(document.getElementById('tt'));<br/>
- then click here and you'll see as the "alert" AND the "getElementById" are still working ... only protected from you^^
- </div>
- <script type="text/javascript">
- // secure
- (function(){
- // overwrite/protect WINDOW.functions
- var alert = window.alert;
- // overwrite/protect DOCUMENT.functions
- var document_getElementById = document.getElementById;
- var d = {};
- d.getElementById = function(){var r = document_getElementById.apply(document,arguments);return r;};
- // sample
- d.getElementById("tt").onclick=function(){alert(d.getElementById("tt"));this.style.display='none';alert(d.getElementById("tt"));};
- })();
- // erase this next line and nobody'll can do "alert" anymore .. execpt you in the previous code^^
- var tmp_alert = alert;
- window.alert = null;
- document.getElementById = null;
- </script>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement