Skip to content

Commit

Permalink
禁止动态执行代码
Browse files Browse the repository at this point in the history
  • Loading branch information
lyswhut committed Dec 7, 2024
1 parent 4c9db43 commit 5e100f7
Showing 1 changed file with 19 additions and 3 deletions.
22 changes: 19 additions & 3 deletions android/app/src/main/assets/script/user-api-preload.js
Original file line number Diff line number Diff line change
Expand Up @@ -545,9 +545,25 @@ globalThis.lx_setup = (key, id, name, description, version, author, homepage, ra
globalThis.eval = function() {
throw new Error('eval is not available')
}
globalThis.Function = function() {
throw new Error('Function is not available')
}
const proxyFunctionConstructor = new Proxy(Function.prototype.constructor, {
apply() {
throw new Error('Dynamic code execution is not allowed.')
},
construct() {
throw new Error('Dynamic code execution is not allowed.')
},
})
// eslint-disable-next-line no-extend-native
Object.defineProperty(Function.prototype, 'constructor', {
value: proxyFunctionConstructor,
writable: false,
configurable: false,
enumerable: false,
})
globalThis.Function = proxyFunctionConstructor
// globalThis.Function = function() {
// throw new Error('Function is not available')
// }

const excludes = [
Function.prototype.toString,
Expand Down

0 comments on commit 5e100f7

Please sign in to comment.