javascript - Stopping script from changing document.location.href? -
a site browsed (cheezburger.com) has apparently vulnerabilities had injected lines <script>document.location.href="http://net-cheezburger.cu.cc/"</script>
messages. firefox redirected there , x-frame-options stopped framing resulting empty screen.
is there other ways prevent script working in firefox adding caps policy document.location.href on cheezburger sites? blocks legitimate changes too. alert greasemonkey script in wrong place know what's going on if try other malicious scripts.
i'd temporary fix until site fixed.
i'm wondering there way programmatically intercept script or redirection. if i've understood correctly can't change inline scripts greasemonkey there other options?
since you're on firefox (a modern browser), use object.freeze
turn location
object read-only:
object.freeze(document.location); document.location.href = "http://google.com"; // no navigation happens console.log(document.location.href); // => "http://stackoverflow.com/questions/22290948/stopping-script-from-changeing-document-location-href"
Comments
Post a Comment