freeze-prototypes
Freezes common prototypes like Array.prototype to avoid any library messing with them
Last updated 6 years ago by bahmutov .
MIT · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install freeze-prototypes 
SYNC missed versions from official npm registry.

freeze-prototypes

Freezes common prototypes like Array.prototype to avoid any library messing with them

Read Unapply attack

NPM info

Build status

Use

Include after main trusted libraries are loaded, maybe before your own app code, but before untrusted 3rd party code

<script src="//cdn/jquery.js"></script>
<script src="//cdn/angular.js"></script>
<script src="dist/freeze-prototypes.js"></script>
<script src="<your app code>"></script>
<script src="<untrusted 3rd party code>"></script>

Old browsers

If you run in an old browser that does NOT have Object.freeze, then it is

  • insecure browser
  • can be worked around to avoid crashing inside freeze-prototypes
<script>
// fake version to let freeze-prototypes to pass
Object.freeze = function nothing() {};
</script>
<script src="dist/freeze-prototypes.js"></script>

Small print

Author: Gleb Bahmutov © 2015

License: MIT - do anything with the code, but don't blame me if it does not work.

Spread the word: tweet, star on github, etc.

Support: if you find any problems with this module, email / tweet / open issue on Github

Current Tags

  • 0.1.2                                ...           latest (6 years ago)

3 Versions

  • 0.1.2                                ...           6 years ago
  • 0.1.1                                ...           6 years ago
  • 0.1.0                                ...           6 years ago
Maintainers (1)
Downloads
Today 0
This Week 0
This Month 1
Last Day 0
Last Week 1
Last Month 2
Dependencies (0)
None
Dev Dependencies (6)
Dependents (1)

Copyright 2014 - 2017 © taobao.org |