Cannot detect injection if the code is not executed.

Open iwestlin opened this issue 3 years ago • 0 comments

If the app injected code like

    var originGid = document.getElementById
    document.getElementById = id => {
        console.log('document.getElementById', id)
        // pass document as `this`; an unbound call throws "Illegal invocation"
        return originGid.call(document, id)
    }


InAppBrowser.com will not be able to detect it unless the page calls document.getElementById('someid').

This can be solved by something like this: https://github.com/iwestlin/InAppBrowser.com/commit/87aec983e51ac13511b63231552e6501ab4f87e0

However, there is still a problem: if the injected code also uses Object.defineProperty to overwrite properties, this won't be able to detect it...

Maybe we could use window.addEventListener('error', ...) to catch errors and extract injection info from them, if we set configurable: false in Object.defineProperty ...

iwestlin, Aug 22 '22 10:08
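
The idea in the last two paragraphs of the issue, sketched as an added example (not code from the issue or from the linked commit): a non-configurable accessor records assignments in its setter, and a later Object.defineProperty on the same property throws a TypeError. `fakeDocument` stands in for `document` so the script runs under Node, the try/catch stands in for a window 'error' listener, and `guardMethod`, `runInjected` and `demo` are hypothetical names.

```javascript
// Replace obj[name] with a non-configurable accessor. Reads still return the
// original function; writes are recorded instead of applied.
function guardMethod(obj, name, report) {
  const original = obj[name];
  Object.defineProperty(obj, name, {
    configurable: false, // a later Object.defineProperty on this name throws
    enumerable: true,
    get() { return original; },
    set(value) {
      // The replacement never takes effect, but its source text is captured.
      report({ via: 'assignment', name, source: String(value) });
    },
  });
  return original;
}

// Run a piece of "injected" code and report a TypeError, standing in for
// what a window 'error' listener would receive (assumption: the error
// reaches that listener in the real page).
function runInjected(fn, report) {
  try {
    fn();
  } catch (err) {
    if (!(err instanceof TypeError)) throw err;
    report({ via: 'error', message: err.message });
  }
}

function demo() {
  const reports = [];
  const report = r => reports.push(r);
  // Constructed stand-in for the browser's document object.
  const fakeDocument = { getElementById(id) { return { id }; } };
  const original = guardMethod(fakeDocument, 'getElementById', report);

  // Case 1: plain assignment, as in the snippet in the issue.
  runInjected(() => {
    fakeDocument.getElementById = id => original.call(fakeDocument, id);
  }, report);

  // Case 2: the overwrite goes through Object.defineProperty instead.
  runInjected(() => {
    Object.defineProperty(fakeDocument, 'getElementById', { value: () => null });
  }, report);

  return { reports, stillOriginal: fakeDocument.getElementById === original };
}

console.log(demo());
```

Neither overwrite was ever called, yet both are reported. The guard only sees overwrites that happen after it is installed.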