override EventTarget.prototype methods
First off, love the project – it is very much needed! I didn't see a way to open an issue nor contribution guidelines, I'm sure you're busy at the moment so feel free to disregard, reply to this whenever, or let me know if there's a better way than an unsolicited PR from someone on the Internet.
Anyway I noticed a malicious site can circumvent the override on `window.addEventListener` by doing `EventTarget.prototype.addEventListener.call(window, eventName, handler)`. In this patch, instead the underlying prototype methods are overridden. To test, the following code will trip the potentially dangerous warning on this branch but not on master.

```javascript
EventTarget.prototype.addEventListener.call(window, "keypress", (e) => { /* something fishy */ })
```
I'm only logging handlers on document and window, but adding document.body might be a good idea.
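The gap and the fix described in this PR, side by side, as an added example that is not code from the PR or the project. It assumes a plain `EventTarget` object as a constructed stand-in for `window`, and the helper names (`hookInstance`, `hookPrototype`, `registerBothWays`, `compare`) are hypothetical.

```javascript
// Constructed stand-in for `window` so the sketch also runs outside a browser
// (Node 15+ ships a global EventTarget). All helper names are hypothetical.
const nativeAdd = EventTarget.prototype.addEventListener;

// Approach 1: shadow the method on the instance only (the behaviour on master).
function hookInstance(target, log) {
  target.addEventListener = function (type, listener, options) {
    log.push(type);
    return nativeAdd.call(this, type, listener, options);
  };
}

// Approach 2: replace the shared prototype method (the approach in this PR)
// and record only registrations made on the watched targets.
function hookPrototype(watched, log) {
  EventTarget.prototype.addEventListener = function (type, listener, options) {
    if (watched.has(this)) log.push(type);
    return nativeAdd.call(this, type, listener, options);
  };
  // Return an undo function so the sketch leaves the runtime untouched.
  return () => { EventTarget.prototype.addEventListener = nativeAdd; };
}

// Register one listener through the instance and one through the prototype.
function registerBothWays(target) {
  target.addEventListener("keypress", () => {});
  EventTarget.prototype.addEventListener.call(target, "keydown", () => {});
}

function compare() {
  const instanceLog = [];
  const winA = new EventTarget();
  hookInstance(winA, instanceLog);
  registerBothWays(winA); // the prototype call never reaches the instance hook

  const prototypeLog = [];
  const winB = new EventTarget();
  const restore = hookPrototype(new Set([winB]), prototypeLog);
  try {
    registerBothWays(winB); // both paths resolve to the patched prototype method
  } finally {
    restore();
  }
  return { instanceLog, prototypeLog };
}

console.log(compare());
```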
Deploy Preview for inappbrowser ready!
| Name | Link |
|---|---|
| Latest commit | 951eb85bf7004e9d0c5901925333f2fd3a69a342 |
| Latest deploy log | https://app.netlify.com/sites/inappbrowser/deploys/62fefad65871ab00098ab634 |
| Deploy Preview | https://deploy-preview-1--inappbrowser.netlify.app/ |
Thank you @bttmly, yes, I have to respond to lots of incoming messages now, but will take a look at this as soon as I can. Thank you!