Broad Network

Insecurities and Prevention from Function Expressions and Prototypes

ECMAScript Insecurities and Prevention – Part 5

ECMAScript 6

Foreword: In this part of the series, I talk about Insecurities and Prevention from Function Expressions and Prototypes.

By: Chrysanthus Date Published: 16 Jul 2016


This is part 6 of my series, ECMAScript Insecurities and Prevention. In this part of the series, I talk about Insecurities and Prevention from Function Expressions and Prototypes. You should have read the previous parts of the series before coming here, as this is a continuation.

A function expression is a function body assigned to a variable. When an object is created, it is initially a kind of copy of the prototype of a constructor.

The problem is: it is legitimate in ECMAScript, for a function code to be assigned to a variable different from its original function variable; and for a prototype object to be assigned to a constructor different from its original constructor. As you can see, hackers are ready to take advantage of this. I will spend the rest of the tutorial explaining the phenomenon, the hacking problem and then the prevention. I begin with function expressions before I go to prototypes.

Function Expressions
Function expression types are:

    foo = function (args) {}
    foo = (args)=>{}

In either of these cases, foo is holding a reference to the same function code.

In the following program, there are two code references for two different function bodies, assigned to two different variables. Each function body has its own reference. Below in the program, the references interchange variables.

    coderefA = function()
                alert("I am originally of reference A.");

    coderefB = function()
                alert("I am originally of reference B.");

    temp = coderefA;
    coderefA = coderefB;  //coderefA now holds reference (memory address) of B
    coderefB = temp;  //coderefB now holds reference (memory address) of A

    coderefA();  //function call

The output is:

    I am originally of reference B.
    I am originally of reference A.

opposite to what was originally coded. In the following program a variable is given a new reference (address) and function body and evaluated on behalf of the first function body. Try the code and when asked for the input, type and press Enter (OK), the following:

    coderef = function() {alert("Thank you. I am danger!")}

The program is:

    coderef = function ()
                        alert("I am the right variable Body.");

    input = prompt('Input Value');


    coderef();  //function call

The output is:

    Thank you. I am danger!

So, if the hacker can know the variable names, coderef and input, which are difficult, but not impossible to know, he can send in false code to your program, through the eval() function. In the following application, the hacker uses a variable in the program to execute a function in a module.

Assume that you have the following module:

exports.fn = () =>
        console.log("I am a killer.");

Assume that your program is:

mo = require('./Modu.js');  //name of module is Modu.js.

    coderef = () =>
                        console.log("I am the right variable Body.");

    input = "coderef = mo.fn()";



If the input is,

   coderef = mo.fn()

then the output will be:

    I am a killer.

The input is a reference to a function in the module.

The hacker can easily know the variables of a module, because documents of modules are not hidden (they are all-over the web). If he struggles and knows the variable, coderef, then he can send in wrong code through the eval() function.

A strange prototype (instead of the original) can be assigned to the constructor function to cause trouble. Try the following code:

        function ConstfFn()


        proto = new Object();

        proto.num1 = 3;
        proto.num2 = 4;
        proto.add = function ()
                sum = this.num1 + this.num2;
                return sum;

        protoStrange = new Object();

        protoStrange.num1 = "trouble ";
        protoStrange.num2 = " trouble";
        protoStrange.add = function ()
                sum = this.num1 + this.num2;
                return sum;

        ConstfFn.prototype = protoStrange;

        obj = new ConstfFn();

        answer = obj.add();


The output is “trouble trouble” instead of 7.

To prevent a function from being assigned a new body, just make the function definition constant as in the following:

    const coderefA = function()
                alert("I am originally of reference A.");

With this, no other function can be assigned to coderefA.

To prevent a strange prototype from being assigned to a constructor function, use a class declaration whose constructor prototype cannot be accessed (instead of the constructor function). The following code illustrates this:

        class Calculator

                constructor(no1, no2)
                        this.num1 = no1;
                        this.num2 = no2;

                        var sum = this.num1 + this.num2;  
                        return sum;

        obj = new Calculator(3, 4);

        answer = obj.add();


That is it for this part of the series. We stop here and continue in the next part.


Related Links

ECMAScript Basics
ECMAScript Operators
Expressions in ECMAScript
Statements in ECMAScript
Custom Objects in ECMAScript
Functions in ECMAScript
ECMAScript Date Object
The ECMAScript String Object
ECMAScript String Regular Expressions
ECMAScript Template Literal
The ECMAScript Array
ECMAScript Sets and Maps
ECMAScript Number
Scopes in ECMAScript
Mastering the ECMAScript (JavaScript) eval Function
Sending Email with ECMAScript
ECMAScript Insecurities and Prevention
Advanced Course
Advanced ECMAScript Regular Expressions
Promise in ECMAScript 2015
Generator in ECMAScript 2015
ECMAScript Module
More Related Links
Node Mailsend
Node.js Web Development Course
Major in Website Design
Low Level Programming - Writing ECMAScript Module
ECMAScript Course



Become the Writer's Follower
Send the Writer a Message