Hacker News new | past | comments | ask | show | jobs | submit login

Ohh right, so your plan would be to essentially check for third-party javascript things running on the same page?

This would be a really easy "security" measure to circumvent, though - I could literally just delete your monkey patch, for a start!




It wasn't my idea so, no, that was never my plan :)

Though, you do raise a valid point, so let's see how it plays out.

    setTimeout = function(){...}
    delete setTimeout  // true - you've removed the patch

    window.setTimeout = function(){...}
    delete window.setTimeout  // true - you've removed the patch

    window.constructor.prototype.setTimeout = function(){...}
    delete window.constructor.prototype.setTimeout  // false - the patch is still there!
I don't know about the hierarchy of the prototype chain up at this level but it seems to work.

Maybe there's some other way of getting to the built-in setTimeout so you can create your own version to mask the one I added?

EDIT you can embed an iframe and rip the native setTimeout from there.


They could listen to the DOMSubtreeModified event in the 10s div.


Nice! There are probably clocks all over the place when you start looking around :)


reddit stops you from embedding it iirc


I tried that too - you can just use any old page that has CORs headers allowing it.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: