"malicious" according to who? Somehow this article makes me think those trying to do things like this are on the pro-DRM side, which I absolutely abhor. The slow and forceful insertion of JS where it's not needed means users will increasingly need to inject and modify JS to retain control of their experience.
sneakerblack•4mo ago
I think this was posted because the of the recent Npm malware fiasco. The malware monkey-patched native JS functions to replace strings that matched crypto addresses in certain the fetch, and XMLHttpRequest functions:
Considering there's no way to check whether a function is monkey-patched, this just tells me the JavaScript ecosystem was not designed with malicious actors in mind
pwdisswordfishz•4mo ago
It wasn't, but that is not why.
rasz•4mo ago
>// Store a reference of the original "clean" native function before any
>// other script has a chance to modify it.
joke is on you, adblock loads first and there is no way you will grab unmodified functions to detect it
1718627440•4mo ago
What is this even good for? When someone decides you now run in a JS emulator, why should you care and try to break out?
sgammon•4mo ago
of course one can simply monkey patch `toString`, or provide a symbol such that an object stringifies to that value, but sure
userbinator•4mo ago
"malicious" according to who? Somehow this article makes me think those trying to do things like this are on the pro-DRM side, which I absolutely abhor. The slow and forceful insertion of JS where it's not needed means users will increasingly need to inject and modify JS to retain control of their experience.
sneakerblack•4mo ago
https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com...
Considering there's no way to check whether a function is monkey-patched, this just tells me the JavaScript ecosystem was not designed with malicious actors in mind
pwdisswordfishz•4mo ago