-1

Is it possible for me to, using JavaScript, detect if someone uses a bookmarklet or inject JavaScript code into a page using a "javascript:{command}" URL?

Heretic Monkey
  • 11,687
  • 7
  • 53
  • 122
herohamp
  • 615
  • 4
  • 13

1 Answers1

4

No, it isn't. They could inject code that removes your detection method.

I'm not sure what it is you're trying to do or prevent, but expecting to enforce security client-side in this manner is not going to help you.

Brad
  • 159,648
  • 54
  • 349
  • 530
  • Is it possible to just detect it as long as they are not removing your detection code? Or is it impossible to even do that? – herohamp Jun 06 '17 at 21:43
  • There's no magic browser event like `onScriptModified` or anything like that. Anything you'd be doing is going to be some hacky dumping of functions as text and comparing or hashing. There is no point to this... you can't prevent someone tampering with your client-side code in browser. Even if you could, they could just intercept it and run it in their own context. – Brad Jun 06 '17 at 21:45
  • Ok thanks for your answer – herohamp Jun 06 '17 at 21:46