I’m writing an extension to help improve browser privacy and I was wondering how I would go about redefining a few core Javascript functions that server up identifiable information about the user. For instance, if I wanted to stop the browser from leaking my list of plugins, how do I get my extension to override the PluginArray class?
I am currently loading my contentScript using PageMod and attempting to override PluginArray using smile:
However this code fails with the error: ‘can’t redefine non-configurable property “PluginArray”’. I understand that under normal JavaScript circumstances providing such an override is not allowed. However I’m hoping that there is a lower level API that I can use to bypass these security restrictions.
Javascript doesn’t have classes, only objects Well actually, javascript does have classes now, but that isn’t what you’re dealing with. Nothing has really changed except some new syntax, and that isn’t even supported until Firefox 45.
Thanks for the information @noitidart. Unfortunately I still am not having success overriding any of the core javascript objects and functions. Do you happen to have any examples of replacing a core object like window.navigator, window.PluginArray, window.navigator.plugins, Date.getTimeoneOffset ?
To clarify what I’m doing, I thought I would include some of my code. When a page loads, I’m loading a contentScript using PageMode:
Then in test.js I attempt to override window.navigator.userAgent using the following code:
window.navigator.__defineGetter__('userAgent', function () {
return 'Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Mobile/9B206';
});
console.log(window.navigator.userAgent);
The logging statement shows the updated userAgent but when I open the console inside of the Inspector, window.navigator.userAgent still returns the correct user agent. Am I not initializing the script correctly? Is my contentScript being sandboxed so that other scripts will not see the core object changes?
Ah replacing window.navigator I’m not sure. I recall someone was trying to do that and I wasn’t able to help them. I’ll link that topic as soon as I find it, you should try to get in touch with him, he might have figured it out .
@Endyl Thanks for the information as I believe that’s the main reason for my issues. It looks like I can modify window.navigator but my changes remain in a sandbox. Is there another way to inject javascript other then contentScript?
I believe that this document on interacting with page scripts sounds what I’m looking for. For now I’m breaking out of the sandbox by using the unsafeWindow object. I know that will eventually be removed but it will at least let me move forward with my testing.