开发者

Don't allow changing document.domain value

I need to deny changing document.domain. Say, if I run this code at foo.boo.com

Object.defineProperty(document, 'domain', { 
    get: function () {
        return 'foo.boo.开发者_运维知识库com';
    }
});

and then will it be possible to set document.domain to boo.com? I ask because I want to deny changing document.domain by untrusted code.


The code you propose does not appear to work at all. Safari:

Don't allow changing document.domain value

A demonstration of it failing to prevent modification of document.domain in Chrome:

Don't allow changing document.domain value

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜