Disable page parts JavaScript not all but parts

The method discussed in this article has not been applied to a real project myself, because I have not yet come across a project with such a need, but experiments have found that it works.

One, the source of my ideas

JavaScipt is a good thing, it makes the appearance of web pages more lively, of course, the benefits are not just these, and in recent years the hot AJAX application more people began to attach importance to JavaScipt small language (a number of programs cow people do not think of it as a language, at most is a script title, even look down on the script people) application. A number of blogs are now open to scripting rights, allowing users to customize scripts to enrich their own space, especially like some technical professional blogs, providing a fairly relaxed development environment. But we've also found that some blogs restrict certain scripting methods. Notice, I'm talking about partial limits here, but if it's all limits it's a very simple thing to do, just put the < Script> Script blocks are filtered out, but how are some of the restrictions done?

Since I did not encounter such problems in previous projects, I did not do much in-depth research, and at first I just thought of the "substitution" method by feeling. Obviously it doesn't work, because it can go wrong. For example, if I want to disable the alert method, I have the following code:
Some window. Alert (' message ');

Now, to invalidate the above code, just make the alert change, for example, make it all capitalized alert, which will definitely result in a script error, but you can still use try{}catch{} to include the alert, but this is a big problem for the recognition of the forbidden language package, and there will be such an error: document.write('alert some message'); "Alert" has also been replaced.

Then I came up with the idea of method rewriting, rewriting the method to be disabled and letting it do nothing, and it turned out to be really feasible, but I don't know if it's a scientific method, so I took it out and discussed it with everyone.

Two, concrete implementation

First look at the following code, to achieve the "alert", "write" two methods to disable:

window.alert=function(){}
document.write=function(){}

window.alert('Alert some message');
document.write('Write some message');

Look really is very simple, at the time of actual application, pulled out two rows in front of the separate existence an external JS file, and the need to filter the JavaScript method page to load the JS file (can also in front of the user to edit content blocks a line load the script, so before our administrator or in a block of HTML web designers can still use the method of will be disabled), so called after disabled method is not effective.

Note: as a final note, you'll also want to disable some DOM manipulation methods, such as the remove() method, because users can use the DOM manipulation method to remove the JS file that you originally loaded.