search

MicrosoftEdge / DevTools

Feedback and discussions about Microsoft Edge Developer Tools
MIT License
151 stars 49 forks source link

In DevTools,the reading of the splice attribute can be detected #193

Closed maizi20 closed 8 months ago

maizi20 commented 8 months ago

When the developer tool opens, it automatically reads the 'splice' property of most object types on the console and triggers the getter.

This feature can be used for interference with developer tools and can not be prevented by scripting.

For example:

console.log({
   get splice(){
     location.replace('about:blank')
     //If the console is already open, the splice property of this object will be read and redirected to an empty page.

   }
})

A similar problem exists with the code debugger:

!function(){
  var o={get splice(){location.replace('about:blank')}};
  debugger //When you debug here, redirection is triggered by reading the splice property to the object in scope.
}()

(There is no such bug in Firefox.)

AB#47199348

captainbrosset commented 8 months ago

Thanks a lot!

sethbrenith commented 8 months ago

Thanks for reporting! This bug is now fixed in V8, so the fix should be available in the upcoming version 121 of Edge and Chrome.

captainbrosset commented 8 months ago

Pre-emptively closing this issue based on Seth's message (otherwise I'll forget and it will remain open forever 😄). But feel free to re-open if the problem persists.