let catvm = {};
(() => {
"use strict";
const $toString = Function.toString;
const myFunction_toString_symbol = Symbol('('.concat('', ')_', (Math.random() + '').toString(36)));
const myToString = function() {
return typeof this == 'function' && this[myFunction_toString_symbol] || $toString.call(this);
};
function set_native(func, key, value) {
Object.defineProperty(func, key, {
"enumerable": false,
"configurable": true,
"writable": true,
"value": value
})
};
delete Function.prototype['toString']; //删除原型链上的toString
set_native(Function.prototype, "toString", myToString); //自己定义个getter方法
set_native(Function.prototype.toString, myFunction_toString_symbol, "function toString() { [native code] }"); //套个娃 保护一下我们定义的toString 否则就暴露了
catvm.safefunction = (func) => {
set_native(func, myFunction_toString_symbol, `function ${myFunction_toString_symbol,func.name || ''}() { [native code] }`);
}; //导出函数到globalThis
}).call(this);
old_eval = eval;
eval = function(obj){
if (obj.indexOf("new Date(); debugger; return") == -1){
old_eval(obj)
}else {
return false;
}
}
catvm.safefunction(eval);
console.log(eval.toString());