Skip to content

Home

Jump to bottom
Andrea edited this page May 10, 2017 · 3 revisions

Welcome to the JSWrapper wiki!

JSWrapping is a Chrome extension prototype which can be used to disable some JavaScript functionalities and make safer login and registration. It is possible to evaluate the page attempts to execute disable features. The actual implementation consists in:

  1. User interface, when disabled does not permits to the page's scripts to execute window.alert, window.prompt, window.confirm, window.open and to change the page url without user's confirmation.
  2. Cookie read, enable or disable the reading access to document.cookie.
  3. Cookie write, enable or disable the modification of document.cookie.
  4. Local Storage, enabled or disabled.
  5. Session Storage, enabled or disabled.
  6. External Communication *.
  7. Navigator, enabled or disabled.
  8. Notification, enabled or disabled.
  9. Eval, disable the window.eval method.

*) External Communication refers to the requests to external url while the user is typing the password inside a login or registration form.

Known issues

  1. Broken registration/login on websites which use a far different url from the one where the form is placed in.
  2. Usability, keep in mind that disabling something reflects on the sites usability

Future works

Whitelist of trusted login/registration urls.

Why should you use it?

Give it a try! We tested registration and login over a set of sites and we blocked something "strange", like our email being sent to and external url (wtf).

Want to know about protecting your JS code from tampering and modification?

PM me.

Clone this wiki locally