Acidus wrote:
Jello wrote:
function show_props(obj, obj_name) {
    var result = "";
    // Append one "name.property = value" line per enumerable property
    for (var i in obj)
        result += obj_name + "." + i + " = " + obj[i] + "\n";
    return result;
}
Super convenient when peeps don't document their objects.
You can do this on the window object and you get all global objects. This means all global variables and all the user-defined functions! You can valueOf() on the function object to extract the source code! valueOf() even automatically inserts the appropriate whitespace and indenting for you to easily read the code. You can recurse down objects and check their children, so this handles JavaScript "namespaces" as well.
Hook this up to a setInterval() call and you can also perform runtime monitoring of the JavaScript environment! On-demand Ajax? No problem! With Firebug, you have the JavaScript equivalent of "View Source." With this method, you have the JavaScript equivalent of "View Generated Source!"
Super convenient when peeps don't document the Ajax applications you are hacking!
Take a read of Chapter 7 of Ajax Security. Bryan and I wrote a JavaScript tool called HOOK which does this very thing! On-demand monitoring and hijacking of JavaScript functions! Even better, it's cross browser. Oh Yeah!
In the interest of disclosure, websec guru Amit Klein came pretty close to this in 2006. He discovered the joy of valueOf() but didn't take the next step of how to discover/enumerate all the user-defined functions in the JavaScript environment.
I know a usability guy that monitors any change to the DOM this way, to track mouse movements, clicks, etc. He generates reports he uses to stylize his web pages this way.
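The recursive enumeration and runtime monitoring discussed in this thread can also be used as an integrity check that reports globals added or functions replaced after a known-good baseline. The following is an added example, not code from the thread or from the HOOK tool; `snapshot`, `diffSnapshots`, `runDemo` and the sample `app` object are hypothetical names, and the sample data is constructed.

```javascript
// Record every property reachable from `root` as "dotted.path" -> description.
function snapshot(root, rootName, maxDepth = 4) {
  const seen = new Set();   // cycle guard (window.self, window.window, ...)
  const out = new Map();
  (function walk(obj, path, depth) {
    if (seen.has(obj) || depth > maxDepth) return;
    seen.add(obj);
    for (const key of Object.getOwnPropertyNames(obj)) {
      let value;
      try { value = obj[key]; } catch (e) { continue; } // some getters throw
      const name = path + "." + key;
      if (typeof value === "function") {
        // Call the built-in toString directly so a script that overrides
        // toString on its own function cannot hide a changed body.
        out.set(name, Function.prototype.toString.call(value));
      } else if (value !== null && typeof value === "object") {
        out.set(name, "[object]");
        walk(value, name, depth + 1);   // descend into "namespaces"
      } else {
        out.set(name, typeof value + ":" + String(value));
      }
    }
  })(root, rootName, 0);
  return out;
}

// Compare two snapshots and list what appeared, vanished or changed.
function diffSnapshots(before, after) {
  const changes = { added: [], removed: [], changed: [] };
  for (const [name, desc] of after) {
    if (!before.has(name)) changes.added.push(name);
    else if (before.get(name) !== desc) changes.changed.push(name);
  }
  for (const name of before.keys()) {
    if (!after.has(name)) changes.removed.push(name);
  }
  return changes;
}

// Constructed sample standing in for a page's global namespace.
function runDemo() {
  const app = { version: "1.0", net: { send: function (url) { return "GET " + url; } } };
  const baseline = snapshot(app, "app");
  const original = app.net.send;                  // a later script wraps send()
  app.net.send = function (url) { return original(url); };
  app.injected = function () {};                  // and adds a new global
  return diffSnapshots(baseline, snapshot(app, "app"));
}
console.log(runDemo());
```

In a browser the same functions can be pointed at `window` and re-run from a `setInterval()` callback, comparing each new snapshot against the baseline taken at load.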