Detect if function is native to browser

Question

I am trying to iterate over all the globals defined in a website, but in doing so I am also getting the native browser functions.

var numf=0; var nump=0; v         


        

Answer 1

Function.prototype.toString can be spoofed, something kinda like this:

Function.prototype.toString = (function(_toString){
  return function() {
    if (shouldSpoof) return 'function() { [native code] }'
    return _toString.apply(this, arguments)
  }
})(Function.prototype.toString)

You can detect if Function.prototype.toString is vandalized by trapping .apply(), .call(), .bind() (and others).

And if it was, you can grab a "clean" version of Function.prototype.toString from a newly injected IFRAME.