6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Don't allow changing document.domain value\",\"text\":\"

I need to deny changing document.domain. Say, if I run this code at foo.boo.com

\\n\\n

Object.defineProperty(document, 'domain', { \\n    get: function () {\\n        return 'foo.boo.com';\\n    }\\n});\\n

\\n\\n

and then will it be possible to set document.domain to boo.com? I ask because I want to deny changing document.domain by untrusted code.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Polar\"},\"upvoteCount\":2,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","javascript",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/javascript/1","children":"javascript"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/b9dbf84031ed4af09995727b61f9a592?s=256&d=identicon&r=PG","alt":"Polar","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/938191/polar","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Polar"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",345]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Don't allow changing document.domain value"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I need to deny changing document.domain. Say, if I run this code at foo.boo.com

\n\n

Object.defineProperty(document, 'domain', { \n    get: function () {\n        return 'foo.boo.com';\n    }\n});\n

\n\n

and then will it be possible to set document.domain to boo.com? I ask because I want to deny changing document.domain by untrusted code.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",487]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","7707848",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/a19f9308334d07d4be19c8f6d11151ff?s=256&d=identicon&r=PG","alt":"ceejayoz","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1902010/ceejayoz","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"ceejayoz"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",180065]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

The code you propose does not appear to work at all. Safari:

\n\n

$\"\"$

\n\n

A demonstration of it failing to prevent modification of document.domain in Chrome:

\n\n

$\"enter$

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","66676992",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/66676992","className":"text-blue-600 hover:underline","children":"Change just the domain no matter where it exist"}]}],["$","li","2600709",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2600709","className":"text-blue-600 hover:underline","children":"Changing document.domain to completely other domain"}]}],["$","li","42336446",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/42336446","className":"text-blue-600 hover:underline","children":"Set document.domain back to its original value in all browsers?"}]}],["$","li","6898253",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6898253","className":"text-blue-600 hover:underline","children":"Javascript document.domain"}]}],["$","li","2404947",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2404947","className":"text-blue-600 hover:underline","children":"Same-origin policy workaround using document.domain in Javascript"}]}],["$","li","19062472",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/19062472","className":"text-blue-600 hover:underline","children":"document.domain same origin policy not working"}]}],["$","li","10940392",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/10940392","className":"text-blue-600 hover:underline","children":"Explicitly set document.domain on every page"}]}],["$","li","7845647",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7845647","className":"text-blue-600 hover:underline","children":"How to change the domain of current document?"}]}],["$","li","4819832",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4819832","className":"text-blue-600 hover:underline","children":"Document.domain not functioning as I'm expecting"}]}],["$","li","2765122",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2765122","className":"text-blue-600 hover:underline","children":"Why does setting document.domain require me to set it in all popups and iframes too?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Don&#39;t allow changing document.domain value

Answers (1)

Related Questions

Don't allow changing document.domain value