Jul 20, 2009

More uses for hijacking methods in JavaScript

Problog

This post covers the following topics:

  • How to hijack a system function in JavaScript
  • How to block external scripts from running on your application

In an earlier post I showed how you can hijack a callback function in order to know when an Ajax request has been executed. A friend who read the post (now I know someone does) told me that although this is a nice trick there is no use for it, since there are few, if any, Greasemonkey scripts that might use it, and other than Greasemonkey scripts, no one will ever need it.
I thought about what he said and tried to find new uses for this hijacking technique, and then I realized that if you can hijack a callback method you can also hijack a system method, and this is a very powerful tool.

The Gmail & Greasemonkey Fictional Example

There are more than a few scripts written for Greasemonkey that try to enhance or change the way Gmail works. Some try to enhance the look and feel and some focus on the productivity of the user, trying to improve and add functionality. It doesn't matter what these scripts are trying to do, they all share one thing: they always run after the page is loaded.

For our demonstration, let's say that Google doesn't like Greasemonkey scripts running on Gmail web pages because they think it degrades Gmail's performance. If you haven't figured it out from the subtitle, this is not a real scenario; I just made it up to show an example (wow, the things we have to do to avoid lawsuits). As far as I know, Greasemonkey scripts do not harm Gmail's performance.

By the way, I'm not far from the truth: not long ago I logged into my Gmail account and saw a message from Google telling me that Firebug is slowing Gmail, with a link to a help page that instructs you how to disable Firebug on Gmail.

Firebug slows Gmail

So if Google were to decide that they don't want any JavaScript running on their application, or if you don't want any other code to mess up your DOM, what can you do about it?

Since most of these scripts are executed after the page has already loaded, we can make the hijack technique work for our benefit by overriding system functions. There are two approaches to implementing such a technique:

  • Total denial
  • Approved access

Total Denial

In this implementation we want to prevent access to DOM objects by everybody except us. The following code demonstrates this technique:


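// Keep a reference to the original method under a name only we know.
document._myGetElementById = document.getElementById;
// Replace the public method: every caller that uses the usual name is refused.
document.getElementById = function(id)
{
	throw new Error("access denied!");
};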

What we basically did is hijack the document.getElementById method and replace it with our own method that throws an Error object. Any script that tries to call this method will get the error, while our code keeps using the original method, since we know its new name (_myGetElementById).

Of course we can apply this technique to a few more system methods in order to increase effectiveness:

  • createElement
  • getElementsByTagName

If you don't want to be so harsh you can return null instead of throwing an exception, but either way, if the external script's error handling is not sufficient you might experience some strange behavior.

Approved Access

This is basically the same implementation, but it's considered a more positive approach since it allows external scripts to access system functions as long as they supply a password. The following code demonstrates this technique:


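// Keep a reference to the original method under a name only we know.
document._myGetElementById = document.getElementById;
// The replacement takes an extra "pass" argument.
document.getElementById = function(id,pass)
{
	// Only callers that supply the agreed password reach the original method;
	// everyone else falls through and gets undefined.
	if(pass === "it's me dode")
		return document._myGetElementById(id);
};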

I agree that it's likely that no one will ever use these implementations, but you have to agree that it's pretty cool, no?
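
A generalization of the two snippets above, as an added example that is not code from the original post: one wrapper guards several methods at once, patches the object that actually defines each method, and keeps the originals in a closure rather than on a public property such as _myGetElementById, which any script on the page could read. The names guardMethods, makeFakeDocument, demo and the token are assumptions, and the fake document is a constructed stand-in so the code runs outside a browser.

```javascript
// Added example; guardMethods, makeFakeDocument, demo are hypothetical names.
function guardMethods(target, names, token) {
  const originals = new Map(); // private: never exposed on the target itself
  for (const name of names) {
    // Find the object that actually defines the method (usually a prototype).
    let owner = target;
    while (owner && !Object.prototype.hasOwnProperty.call(owner, name)) {
      owner = Object.getPrototypeOf(owner);
    }
    if (!owner || typeof owner[name] !== "function") {
      throw new TypeError("no such method: " + name);
    }
    const original = owner[name];
    originals.set(name, original);
    // Approved access: the last argument must be the token, otherwise deny.
    const guarded = function (...args) {
      if (args.length === 0 || args[args.length - 1] !== token) {
        throw new Error("access denied: " + name);
      }
      return original.apply(this, args.slice(0, -1));
    };
    // Non-writable, non-configurable: later code cannot reassign it on the owner.
    Object.defineProperty(owner, name,
      { value: guarded, writable: false, configurable: false, enumerable: false });
  }
  // Handle for our own code: call an original directly, no token needed.
  return (name, ...args) => originals.get(name).apply(target, args);
}

// Constructed stand-in for the browser's document so the example runs in Node.
function makeFakeDocument() {
  class FakeDocument {
    constructor() { this.nodes = { inbox: { id: "inbox" } }; }
    getElementById(id) { return this.nodes[id] || null; }
    createElement(tag) { return { tagName: tag.toUpperCase() }; }
  }
  return new FakeDocument();
}

function demo() {
  const doc = makeFakeDocument();
  const token = Symbol("page-token"); // a reference, not a string in the source
  const callOriginal = guardMethods(doc, ["getElementById", "createElement"], token);
  let denied = false;
  try { doc.getElementById("inbox"); } catch (e) { denied = true; }
  const approved = doc.getElementById("inbox", token).id; // call with the token
  const own = callOriginal("createElement", "div").tagName; // private handle
  return { denied, approved, own };
}
```

In a browser the target would be document; the guard only affects code that runs after it is installed, which is the premise of the post.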

Another, more practical use for hijacking/overloading system functions is implementing frameworks, like jQuery for example. In these cases this technique allows the framework writer to change or add functionality in the built-in methods of the language.

I think we could find more examples for this hijacking technique, but I think you've got the point.

posted in Blog by Amir Harel
