Detailed explanation of function hijacking examples in JavaScript

Function hijacking, as the name suggests, hijacks a function before it runs and adds the functionality we want. When this function is actually run, it is no longer the original function, but has the functions we added. This is also one of the principles of our common hook functions.
At first glance, this looks like a rewriting of a function. Function rewriting can also be understood as a type of function hijacking, but this method is too disgusting. As a hijacker, after getting benefits from kidnapping, you should also abide by professional ethics and return the person intact, so we have to call back the original function of the function in the appropriate place.
By extension, in fact, we often encounter the concept of "hijacking". For example, if a website is hijacked by an operator, the operator's advertisement will pop up when browsing the website.

Example

Now let’s take a simple example, hijack the alert() function and add a little function to it:

let warn = alertwindow.alert = (t) => {    if (confirm('How are you?')) warn(t)
}

alert('Help me...!!!')

You can open the developer tools Try this example, you will find that Help me...!!! will pop up only if you click OK in confirm.
Next we encapsulate this part of the content and make it a general function:

const hijack = (obj, method, fun) => {
  let orig = obj[method]
  obj[method] = fun(orig)
}

First we define a hijack function, which will first save the original function and then execute the custom function , and the original function will be called inside the custom function.
Then let’s hijack the confirm() function:

hijack(window, 'confirm', (orig) => {  return (text) => {
    alert('HELP ME PLZ!!!')    if (orig.call(this, text)) {
      alert('YOU SEEMS FINE AND I AM LEAVING, GOOD BYE!')
    } else {
      alert('HOLD ON! I AM COMING!!')
    }
  }
})

The function of this function is very simple and I won’t explain it in detail. Just call confirm() and you will know:

Anti-hijacking

Create a new page, open your developer tools console, enter alert, you will see this output:

function alert() { [native code] }

Then use the code at the beginning of this article to change alert() Hijack it and enter alert again on the console. You will see output like this:

function (t) => {    if (confirm('How are you?')) warn(t)
}

From the above example, you can know that to see whether a function has been hijacked, you only need to print it out directly. Can. For system native functions, [native code] means that it is pure and pollution-free.

Related recommendations:

A brief discussion on javascript function hijacking [reprinted from xfocus]_javascript skills

The above is the detailed content of Detailed explanation of function hijacking examples in JavaScript. For more information, please follow other related articles on the PHP Chinese website!