代理 document.cookie [英] Proxying of document.cookie

问题描述

我需要记录 document.cookie 的设置.我无法仅使用 document.cookie = {...} 重新定义 cookie 属性，因此我需要为 document.cookie 获取 setter.但是 Object.getOwnPropertyDescriptor(document, "cookie") 返回 undefined.

I need to log setting of document.cookie. I can not redefine cookie property just with document.cookie = {...} So I need to get setter for document.cookie. But Object.getOwnPropertyDescriptor(document, "cookie") returns undefined.

更新.在编写问题时，我找到了一个可行的解决方案，但它使用了已弃用的 __lookupGetter__ 和 __lookupSetter__ 方法.有没有不使用过时 API 的解决方案?

UPD. While I was writing the question I found a working solution, but it uses deprecated __lookupGetter__ and __lookupSetter__ methods. Is there any solution which doesn't use obsolete API?

推荐答案

访问 getter 和 setter 的标准化方式是使用 Object.getOwnPropertyDescriptor，但顾名思义，它只查看对象自己的属性(它不查找原型链).document 是 HTMLDocument 的一个实例，它继承自 Document.在现代浏览器中，cookie 属性定义在 Document.prototype 上，而在旧版本的 Firefox 中，它定义在 HTMLDocument.prototype 上.>

The standardized way of accessing getters and setters is with Object.getOwnPropertyDescriptor, but as the name suggests, it only looks on the objects own properties (it does not look up the prototype chain). document is an instance of HTMLDocument, which inherits from Document. In modern browsers the cookie property is defined on Document.prototype, whereas in older versions of Firefox it is defined on HTMLDocument.prototype.

var cookieDesc = Object.getOwnPropertyDescriptor(Document.prototype, 'cookie') ||
                 Object.getOwnPropertyDescriptor(HTMLDocument.prototype, 'cookie');
if (cookieDesc && cookieDesc.configurable) {
    Object.defineProperty(document, 'cookie', {
        get: function () {
            return cookieDesc.get.call(document);
        },
        set: function (val) {
            console.log(val);
            cookieDesc.set.call(document, val);
        }
    });
}

具有讽刺意味的是，在最注重隐私的浏览器 Safari 中，描述符已将 configurable 设置为 false 并且不包含 getter 和 setter，也不包含__lookupGetter__ 或 __lookupSetter__.所以我还没有找到在 Safari 中覆盖 document.cookie 的方法(OS X 和 iOS 9.0.2 上的 8.0.8).WebKit nightly 的行为方式与 Safari 相同，因此它似乎不会很快得到修复.

Ironically, in the most privacy-concerned browser Safari, the descriptor has set configurable to false and does not contain the getter nor setter, and neither does __lookupGetter__ or __lookupSetter__. So I haven't found a way to override document.cookie in Safari yet (8.0.8 on OS X and iOS 9.0.2). WebKit nightly acts the same way as Safari, so it doesn't seem to get fixed anytime soon.

2019 年 10 月更新: 在 MacOS Mojave 上的 Safari 12.1.2 中测试了上述代码，并且 cookieDesk 现在可以配置了！这意味着我的 概念证明 document.cookie 保护 从 2015 年开始现在可能真的可以工作:)

Update October 2019: Tested the above code in Safari 12.1.2 on MacOS Mojave, and cookieDesk is now configurable! This means my proof of concept document.cookie protection from 2015 might actually work now :)

这篇关于代理 document.cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！