replacing Function.prototype.call can break violentmonkey
What is the problem?
replacing Function.prototype.call can break violentmonkey if there is // @run-at document-end or // @run-at document-idle userscript that runs on the webpage
How to reproduce it?
1. install userscript like:
// ==UserScript==
// @name useless script
// @namespace http://bzzzzdzzzz.blogspot.com/
// @description does nothing
// @author BZZZZ
// @include *
// @version 0.1
// @grant none
// @run-at document-end
// ==/UserScript==
undefined;
2. save this as html file:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8"/>
<title>violentmonkey bug demo</title>
<script type="text/javascript">
Function.prototype.call=function(cthis,...cargs){
console.log('Function.prototype.call:\n\tfunction:%O\n\tthis:%O\n\targuments:%O\n\t%O',this,cthis,cargs,Error('dummy error to show call stack'));
document.write('<h1>open javascript console</h1>');
return Reflect.apply(this,cthis,cargs);
};
</script>
</head>
<body>
</body>
</html>
and open with browser with violentmonkey (works on firefox and brave)
3. if webpage shows “open javascript console” you reproduced the bug
4. open javascript console
you will see Function.prototype.call logs but nothing in webpage and userscript calls Function.prototype.call
for developer: to fix this do
const fcall=Function.prototype.call.bind(Function.prototype.call);
before webpage script can replace any native functions and use
fcall(func,thisArg,...args);
instead of
func.call(thisArg,...args);
in injected-web.js
Environment
- Violentmonkey version: Violentmonkey v2.13.0
Issue Analytics
- State:
- Created 2 years ago
- Comments:7 (7 by maintainers)
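The fix proposed in the issue, shown as an added example (not part of the original issue and not Violentmonkey's own code): a `call` reference captured and bound before untrusted code runs keeps working after the page replaces `Function.prototype.call`, while `func.call(...)` is intercepted. The names `greet`, `withTamperedCall` and `demo` are hypothetical, and the tampering wrapper is a constructed stand-in for the page script in the reproduction.

```javascript
'use strict';
// Capture the native reference at load time, before any page script runs.
// Calling a bound function goes through the internal [[Call]] and never
// looks up the "call" property again, so later replacement cannot hook it.
const nativeCall = Function.prototype.call;
const fcall = nativeCall.bind(nativeCall);

// Hypothetical function an extension would invoke with an explicit `this`.
function greet(greeting) {
  return greeting + ', ' + this.name;
}

// Constructed stand-in for the page script from the reproduction: replaces
// Function.prototype.call with a recording wrapper, runs `body`, then
// restores the original property so the rest of the runtime is unaffected.
function withTamperedCall(body) {
  const intercepted = [];
  const desc = Object.getOwnPropertyDescriptor(Function.prototype, 'call');
  Function.prototype.call = function (thisArg, ...args) {
    intercepted.push(this.name);
    return Reflect.apply(this, thisArg, args);
  };
  try {
    // Identity check against the captured reference detects the replacement.
    const detected = Function.prototype.call !== nativeCall;
    return { result: body(), intercepted, detected };
  } finally {
    Object.defineProperty(Function.prototype, 'call', desc);
  }
}

function demo() {
  const user = { name: 'userscript' };
  return {
    // Property lookup at call time: the page's wrapper sees the call.
    viaProperty: withTamperedCall(() => greet.call(user, 'hello')),
    // Captured reference: same result, nothing visible to the wrapper.
    viaCaptured: withTamperedCall(() => fcall(greet, user, 'hello')),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The same capture-early approach applies to every other built-in the injected code depends on, since each property lookup made after page scripts run is a separate interception point.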

Would you test the PR before I merge it? Here it is: dist.zip
OTOH, it’d be nice to fix to make Violentmonkey more secure…