1

Is there any way to prevent a user from overriding a native function?

Example:

var getRand;
(function(){
  'use strict';
  getRand = function(){
    return Math.random();
  }
})();

getRand(); //gives a nice random number

After the page has loaded, overriding in console.

Math.random = function (){ return 0 };

getRand(); //gives 0 :(

Is there any way to prevent native functions from being overridden? Maybe with CSP or sealing the Object... is this even possible?

Improve this question
9
  • 1
    Why are you even trying to do this? You give the user the JS and they are free to do with it as they will - including ignoring it totally. All JS is there is to make the page more interactive (here I am assuming that this is not node.js as this is implied by the question) Commented May 30, 2016 at 19:54
  • Lets say your sending this random number via ajax and want to make sure it's random. Commented May 30, 2016 at 19:57
  • 1
    You cannot be sure of anything that is sent via AJAX. Communication can be modified en-route. Commented May 30, 2016 at 20:00
  • Lets say you're using a firebase promise to retrieve a variable and the data is in a reference which needs access a global. return $fireObject(myObj.$ref().$loaded().then(function(data){ return data * Math.random(); }); The question isn't about the why, just if the concept is possible Commented May 30, 2016 at 20:12
  • 1
    "The question isn't about the why, just if the concept is possible" There would be less useless questions if the questions were about the why rather than how ;) Commented May 30, 2016 at 20:19

1 Answer 1

Reset to default
5

In fact, you can use Object.freeze(Math):

The Object.freeze() method freezes an object: that is, prevents new properties from being added to it; prevents existing properties from being removed; and prevents existing properties, or their enumerability, configurability, or writability, from being changed. In essence the object is made effectively immutable. The method returns the object being frozen.

Object.freeze(Math);

// This won't work or it won't replace
// the function with the whole string...
Math.random = "hello world";

Unless any other library could be relying on extending or modifying Math (for example, maybe a polyfill might need to add a function or whatever to Math but as I said before, it's just a possible issue when freezing a built-in object...).

You can also freeze individual properties...

...using Object.defineProperty(...) to modify an existing property descriptor:

Object.defineProperty(Math, "random", { 
    configurable: false,
    writable: false 
});
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks, this is great!
@rid freeze is not part of Object.prototype btw. It's a direct member of Object.
@ilovetoast I've updated my answer to provide you another approach. Well, actually Object.freeze is equivalent to setting all property descriptors to { writable: false, configurable: false }...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.