example 1 - basic injection
Now click the button.
So what happened here? We instantiated a variable as 0. We used the document object's addEventListener method to increment that variable onclick. We checked the variable’s value was 0 and it wasn’t. That shows, at the very least, sendRequest was called.
example 2 - less basic injection
This also works.
When you click the button.
We create a var that captures the original sendRequest (1). We override sendRequest (2) with that variable and increment someNumber (3). Now, when we invoke sendRequest (2) it does both (1) and (3)!
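The capture-and-override pattern described above, as an added example that is not code from the original post. sendRequest and someNumber are the post's names; the page object, the wrapFunction helper and the body of the stand-in sendRequest are assumptions made so the block runs in Node or a browser console.

```javascript
// Constructed stand-in for the page under test (assumption: on a real page
// sendRequest would live on window; a plain object plays that role here).
const page = {
  sent: [],
  sendRequest(url) {
    this.sent.push(url);
    return `sent:${url}`;
  },
};

let someNumber = 0;

// Hypothetical helper: replaces target[name] with a wrapper and returns
// a function that puts the original back.
function wrapFunction(target, name, before) {
  const original = target[name];            // (1) capture the original
  if (typeof original !== 'function') {
    throw new TypeError(`${name} is not a function`);
  }
  target[name] = function (...args) {       // (2) override
    before(args);                           // (3) the injected side effect
    return original.apply(this, args);      // keep this, arguments and return value
  };
  return function restore() {
    target[name] = original;
  };
}

const restoreSendRequest = wrapFunction(page, 'sendRequest', () => {
  someNumber += 1;
});

function demo() {
  const first = page.sendRequest('/a');     // counted
  const second = page.sendRequest('/b');    // counted
  restoreSendRequest();
  const third = page.sendRequest('/c');     // original only, not counted
  return { first, second, third, someNumber, sent: page.sent.slice() };
}
```

Forwarding `this` and the arguments with `apply` is what keeps the wrapped function behaving like the original for its callers, and the restore function lets a test remove the hook when it is done.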
example 3, 4, and 5 - something you might be able to use
Okay, interesting but not very useful so far. But let’s say I’m one of the many websites that use the Navigator.geolocation API. If my visitor is in the EU, I block them from seeing the site. Annoying? Yes, but, as it turns out, avoidable.
Now, as far as the website knows, I’m visiting from New York. Neat!
beforeunload listener (which has tripped up my UI testing frameworks I don’t know how many times).
Got an all-singing, all-dancing webapp where animations sometimes don’t resolve before you try to click an element? No reliable way of figuring out when the animations end? Why not try something like this.
We create a style tag (used to, as the name implies, style HTML) with references to CSS animation properties, set those to none, then mark that as !important, meaning it’ll be listened to over other instructions.
what to do next
So if this works then why aren’t more people doing it? Well, here’s the rub. A lot of the time
Edit: this post was edited 13/07/18 to include an animation cancelling injection that I had previously forgotten about.