freeze-prototypes

Freezes common prototypes like Array.prototype to avoid any library messing with them

Read Unapply attack

Use

Include after main trusted libraries are loaded, maybe before your own app code, but before untrusted 3rd party code

<script src="//cdn/jquery.js"></script>
<script src="//cdn/angular.js"></script>
<script src="dist/freeze-prototypes.js"></script>
<script src="<your app code>"></script> 
<script src="<untrusted 3rd party code>"></script> 

Old browsers

If you run in an old browser that does NOT have Object.freeze, then it is

• insecure browser
• can be worked around to avoid crashing inside freeze-prototypes

<script>
// fake version to let freeze-prototypes to pass
Object.freeze = function nothing() {};
</script> 
<script src="dist/freeze-prototypes.js"></script>

Small print

Author: Gleb Bahmutov © 2015

• @bahmutov
• glebbahmutov.com
• blog

License: MIT - do anything with the code, but don't blame me if it does not work.

Spread the word: tweet, star on github, etc.

Support: if you find any problems with this module, email / tweet / open issue on Github