Avoid interfering with our own snippets
Environment
Every snippet that is injected in a page, with every version of ABP.
How to reproduce
- visit https://webreflection.github.io/eyeo/snippets/seppuku.html?evil and read
evil 1
andevil 2
- add the filter
webreflection.github.io#$#abort-on-property-read Object.getOwnPropertyDescriptor
- reload the page and see errors in console, plus the
evil 2
alert - update the filter to tackle evil code 2:
webreflection.github.io#$#abort-on-property-read Object.getOwnPropertyDescriptor; abort-on-property-read String.fromCharCode
- refresh the page, see now 3 errors in console, and the alerted
evil 2
despite the filter
Observed behavior
We don't guard against our own primitives to intercept possible global variables, meaning each snippet using Object.getOwnPropertyDescriptor
, or any other globally accessed property, will throw errors and never work as expected, if one of these global properties is targeted.
Expected behavior
There should be no more than 2 errors, and both evil 1
and evil 2
alerts should not appear.