freeze-prototypes

0.1.2 • Public • Published

Freezes common prototypes like Array.prototype to avoid any library messing with them

Read Unapply attack

Use

Include the script after the main trusted libraries are loaded, possibly before your own app code, and always before untrusted 3rd party code

<script src="//cdn/jquery.js"></script>
<script src="//cdn/angular.js"></script>
<script src="dist/freeze-prototypes.js"></script>
<script src="<your app code>"></script> 
<script src="<untrusted 3rd party code>"></script> 
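
The load order above, worked through as an added example (not code from the freeze-prototypes package): the three stages stand in for the script tags, and the list of frozen prototypes, the `lastItem` helper and the `injected` property are assumptions made for the demo. It goes slightly beyond the text by showing that a write from non-strict code fails without raising an error, so a check should call Object.isFrozen rather than wait for an exception.

```javascript
// Constructed demo: the three stages stand in for the <script> tags in "Use".
const TARGETS = [Array.prototype, String.prototype]; // assumed list for this demo

// Stage 1, trusted library: loaded before the freeze, so its extension sticks.
function trustedLibrary() {
  Object.defineProperty(Array.prototype, 'lastItem', { // hypothetical helper
    value: function () { return this[this.length - 1]; },
    configurable: true, writable: true
  });
}

// Stage 2, the freeze step (the job of the script included after the libraries).
function freezeTargets() {
  TARGETS.forEach(function (proto) { Object.freeze(proto); });
}

// Run one tampering attempt and report how it ended.
function attempt(fn) {
  try { fn(); return 'no error'; } catch (e) { return e.name; }
}

// Stage 3, untrusted code loaded after the freeze: no change gets through.
function untrustedCode() {
  'use strict';
  const originalPush = Array.prototype.push;
  const outcome = {
    strictOverwrite: attempt(function () { Array.prototype.push = function () {}; }),
    // Function() bodies run in sloppy mode: the same write fails silently.
    sloppyOverwrite: attempt(new Function('Array.prototype.push = function () {};')),
    addMethod: attempt(function () { String.prototype.injected = function () {}; }),
    removeMethod: attempt(function () { delete Array.prototype.lastItem; }),
    redefine: attempt(function () {
      Object.defineProperty(Array.prototype, 'push', { value: function () {} });
    })
  };
  outcome.pushIntact = Array.prototype.push === originalPush;
  outcome.injectedAdded = 'injected' in String.prototype;
  return outcome;
}

function runLoadOrderDemo() {
  trustedLibrary();
  freezeTargets();
  const outcome = untrustedCode();
  outcome.trustedPatchWorks = [1, 2, 3].lastItem() === 3;
  outcome.allFrozen = TARGETS.every(Object.isFrozen);
  return outcome;
}
const report = runLoadOrderDemo();
console.log(report);
```

Run it in its own Node.js process or page, because a frozen prototype cannot be unfrozen.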

Old browsers

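If you run in an old browser that does NOT have Object.freeze, then

  • it is an insecure browser
  • the missing function can be worked around to avoid crashing inside freeze-prototypes

<script>
// fake version to let freeze-prototypes pass; defined only when the
// browser lacks Object.freeze, and it freezes nothing
if (typeof Object.freeze !== 'function') {
  Object.freeze = function nothing(obj) { return obj; };
}
</script>
<script src="dist/freeze-prototypes.js"></script>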

Small print

Author: Gleb Bahmutov © 2015

License: MIT - do anything with the code, but don't blame me if it does not work.

Spread the word: tweet, star on github, etc.

Support: if you find any problems with this module, email / tweet / open issue on Github

Install

npm i freeze-prototypes
