secure-eval-blocker

Enhanced script to block eval and dynamic code execution, protect privacy, and prevent malicious scripts.

Як встановити

You will need to install an extension such as Tampermonkey, Greasemonkey or Violentmonkey to install this script.

You will need to install an extension such as Tampermonkey to install this script.

You will need to install an extension such as Tampermonkey or Violentmonkey to install this script.

You will need to install an extension such as Tampermonkey or Userscripts to install this script.

You will need to install an extension such as Tampermonkey to install this script.

You will need to install a user script manager extension to install this script.

(У мене вже є менеджер скриптів, дайте мені встановити його!)

Як встановити

You will need to install an extension such as Stylus to install this style.

You will need to install an extension such as Stylus to install this style.

You will need to install an extension such as Stylus to install this style.

You will need to install a user style manager extension to install this style.

You will need to install a user style manager extension to install this style.

You will need to install a user style manager extension to install this style.

(I already have a user style manager, let me install it!) 

// ==UserScript==
// @name         secure-eval-blocker
// @namespace    https://github.com/secure-scripting
// @version      1.1.0
// @description  Enhanced script to block eval and dynamic code execution, protect privacy, and prevent malicious scripts.
// @author       anonymous
// @match        *://*/*
// @grant        none
// @run-at       document-start
// ==/UserScript==

(function() {
  'use strict';
  
  // 混淆变量名
  const _0x1a = window, _0x2b = Object, _0x3c = 'eval', _0x4d = 'Function', _0x5e = document;
  
  // 禁用 eval 和 Function 构造函数
  const _0x6f = function() { throw new Error('Dynamic code execution is blocked for security.'); };
  _0x2b.defineProperty(_0x1a, _0x3c, { value: _0x6f, writable: false, configurable: false });
  _0x2b.defineProperty(_0x1a, _0x4d, { value: _0x6f, writable: false, configurable: false });

  // 拦截 setTimeout/setInterval 的字符串参数
  const _0x7g = ['setTimeout', 'setInterval'];
  _0x7g.forEach(function(_0x8h) {
    const _0x9i = _0x1a[_0x8h];
    _0x1a[_0x8h] = function(_0xa, _0xb) {
      if (typeof _0xa === 'string') {
        throw new Error('String-based code execution is blocked.');
      }
      return _0x9i(_0xa, _0xb);
    };
  });

  // 设置 CSP 禁用 eval 和内联脚本
  const _0x10j = _0x5e.createElement('meta');
  _0x10j.setAttribute('http-equiv', 'Content-Security-Policy');
  _0x10j.setAttribute('content', 'script-src \'self\'; object-src \'none\';');
  _0x5e.head.appendChild(_0x10j);

  // 保护敏感对象,防止通过 eval 访问
  const _0x11k = ['localStorage', 'sessionStorage', 'cookie'];
  _0x11k.forEach(function(_0x12l) {
    try {
      _0x2b.defineProperty(_0x1a, _0x12l, {
        get: function() { throw new Error('Access to ' + _0x12l + ' is restricted.'); },
        set: function() { throw new Error('Modification of ' + _0x12l + ' is restricted.'); },
        configurable: false
      });
    } catch (_0x13m) {}
  });

  // 监控动态脚本注入
  const _0x14n = _0x5e.createElement;
  _0x5e.createElement = function(_0x15o, ..._0x16p) {
    const _0x17q = _0x14n.call(_0x5e, _0x15o, ..._0x16p);
    if (_0x15o.toLowerCase() === 'script') {
      Object.defineProperty(_0x17q, 'innerHTML', {
        set: function() { throw new Error('Dynamic script injection is blocked.'); }
      });
    }
    return _0x17q;
  };

  // 自毁机制,确保脚本只运行一次
  const _0x18r = function() {
    _0x2b.defineProperty(_0x1a, 'secureEvalBlocker', { value: true, writable: false });
  };
  if (!_0x1a.secureEvalBlocker) _0x18r();
})();