Don't allow changing document.domain value
I need to deny changing document.domain
. Say, if I run this code at foo.boo.com
Object.defineProperty(document, 'domain', {
get: function () {
return 'foo.boo.开发者_运维知识库com';
}
});
and then will it be possible to set document.domain
to boo.com? I ask because I want to deny changing document.domain
by untrusted code.
The code you propose does not appear to work at all. Safari:
A demonstration of it failing to prevent modification of document.domain
in Chrome:
精彩评论