C
ChristophW
Hey guys,
I've been pulling my hair with this problem. I have an application
that hosts multiple IE controls in one process, and all of them are
absolutely isolated from each other (I handle downloading files,
cookies and the like manually under the hood to create this
isolation). The only thing where these windows still interfer is when
some Javascript writes to 'document.cookie'. Since cookies are shared
across all browsers in a process, I have a nasty isolation breach.
I had thought about deriving an object from 'document', overriding the
'cookie' property and defining a variable named 'document' but then I
realized that IE7 and lower does not support properties yet. I also
went as far as textually replacing 'document.cookie' in downloaded
HTML and JS source code with alternative code. That worked until users
of my app browsed scrambled JavaScript code where the simple
replacement fails (basically, the problem that I cannot identify all
occurrences of 'document.cookie' statically).
I'm wondering whether JavaScript that was loaded by a page could
dynamically be monitored and rewritten when statements are executed?
Or is it possible to get notified when new functions and class
prototypes are created? I guess this would require somehow hooking
deep into the JS engine or so. Just some thoughts but I'm open to any
other ideas
If it is of any help, the only JS variants I need to support are for
IE6 and IE7.
Thanks a lot, Christoph
I've been pulling my hair with this problem. I have an application
that hosts multiple IE controls in one process, and all of them are
absolutely isolated from each other (I handle downloading files,
cookies and the like manually under the hood to create this
isolation). The only thing where these windows still interfer is when
some Javascript writes to 'document.cookie'. Since cookies are shared
across all browsers in a process, I have a nasty isolation breach.
I had thought about deriving an object from 'document', overriding the
'cookie' property and defining a variable named 'document' but then I
realized that IE7 and lower does not support properties yet. I also
went as far as textually replacing 'document.cookie' in downloaded
HTML and JS source code with alternative code. That worked until users
of my app browsed scrambled JavaScript code where the simple
replacement fails (basically, the problem that I cannot identify all
occurrences of 'document.cookie' statically).
I'm wondering whether JavaScript that was loaded by a page could
dynamically be monitored and rewritten when statements are executed?
Or is it possible to get notified when new functions and class
prototypes are created? I guess this would require somehow hooking
deep into the JS engine or so. Just some thoughts but I'm open to any
other ideas
If it is of any help, the only JS variants I need to support are for
IE6 and IE7.
Thanks a lot, Christoph