代理 document.cookie [英] Proxying of document.cookie
问题描述
我需要记录 document.cookie 的设置.我无法仅使用 document.cookie = {...}
重新定义 cookie 属性,因此我需要为 document.cookie 获取 setter.但是 Object.getOwnPropertyDescriptor(document, "cookie")
返回 undefined
.
I need to log setting of document.cookie. I can not redefine cookie property just with document.cookie = {...}
So I need to get setter for document.cookie. But Object.getOwnPropertyDescriptor(document, "cookie")
returns undefined
.
更新.在编写问题时,我找到了一个可行的解决方案,但它使用了已弃用的 __lookupGetter__
和 __lookupSetter__
方法.有没有不使用过时 API 的解决方案?
UPD. While I was writing the question I found a working solution, but it uses deprecated __lookupGetter__
and __lookupSetter__
methods. Is there any solution which doesn't use obsolete API?
推荐答案
访问 getter 和 setter 的标准化方式是使用 Object.getOwnPropertyDescriptor
,但顾名思义,它只查看对象自己的属性(它不查找原型链).document
是 HTMLDocument
的一个实例,它继承自 Document
.在现代浏览器中,cookie
属性定义在 Document.prototype
上,而在旧版本的 Firefox 中,它定义在 HTMLDocument.prototype
上.>
The standardized way of accessing getters and setters is with Object.getOwnPropertyDescriptor
, but as the name suggests, it only looks on the objects own properties (it does not look up the prototype chain). document
is an instance of HTMLDocument
, which inherits from Document
. In modern browsers the cookie
property is defined on Document.prototype
, whereas in older versions of Firefox it is defined on HTMLDocument.prototype
.
var cookieDesc = Object.getOwnPropertyDescriptor(Document.prototype, 'cookie') ||
Object.getOwnPropertyDescriptor(HTMLDocument.prototype, 'cookie');
if (cookieDesc && cookieDesc.configurable) {
Object.defineProperty(document, 'cookie', {
get: function () {
return cookieDesc.get.call(document);
},
set: function (val) {
console.log(val);
cookieDesc.set.call(document, val);
}
});
}
具有讽刺意味的是,在最注重隐私的浏览器 Safari 中,描述符已将 configurable
设置为 false 并且不包含 getter 和 setter,也不包含__lookupGetter__
或 __lookupSetter__
.所以我还没有找到在 Safari 中覆盖 document.cookie
的方法(OS X 和 iOS 9.0.2 上的 8.0.8).WebKit nightly 的行为方式与 Safari 相同,因此它似乎不会很快得到修复.
Ironically, in the most privacy-concerned browser Safari, the descriptor has set configurable
to false and does not contain the getter nor setter, and neither does __lookupGetter__
or __lookupSetter__
. So I haven't found a way to override document.cookie
in Safari yet (8.0.8 on OS X and iOS 9.0.2). WebKit nightly acts the same way as Safari, so it doesn't seem to get fixed anytime soon.
2019 年 10 月更新: 在 MacOS Mojave 上的 Safari 12.1.2 中测试了上述代码,并且 cookieDesk
现在可以配置了!这意味着我的 概念证明 document.cookie
保护 从 2015 年开始现在可能真的可以工作:)
Update October 2019: Tested the above code in Safari 12.1.2 on MacOS Mojave, and cookieDesk
is now configurable! This means my proof of concept document.cookie
protection from 2015 might actually work now :)
这篇关于代理 document.cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!