Don't allow changing document.domain value
I need to deny changing document.domain. Say, if I run this code at foo.boo.com
Object.defineProperty(document, 'domain', {
get: function () {
return 'foo.boo.开发者_运维知识库com';
}
});
and then will it be possible to set document.domain to boo.com? I ask because I want to deny changing document.domain by untrusted code.
The code you propose does not appear to work at all. Safari:
A demonstration of it failing to prevent modification of document.domain in Chrome:
加载中,请稍侯......
精彩评论