Stop Nasties

Prevents scripts from unencrypted sites doing some bad things.

Click here to install Browse More Scripts
// ==UserScript==
// @name         Stop Nasties
// @namespace    43cf75a3afd8fead3cb378d9502a19e1295dda96
// @version      0.6
// @description  Prevents scripts from unencrypted sites doing some bad things.
// @author       /u/AyrA_ch
// @include      http://*
// @grant        none
// @run-at       document-start
// ==/UserScript==

// Changelog
// 0.6 - Prevent logging of same object multiple times
// 0.5 - Allows local addresses
// 0.4 - Enable and disable feature
// 0.3 - Log script activity in console
// 0.2 - Don't run on localhost
// 0.1 - Initial Version
// =========

(function () {
	'use strict';

	var stringify = function (root, indent) {
		//Key that represents cyclic value. {KEY} is replaced with the key of the first occurence
		var REC = "[CYCLIC:{KEY}]";
		//Root node
		var ROOT = "<ROOT>";
		//Checks if the value has been parsed already
		var isParsed = function (value, parsed) {
			return typeof(value) == "object" && parsed.filter(function (v) {
				return v.value === value
			}).length > 0;
		};
		//Gets the key of a parsed value
		var getKey = function (value, parsed) {
			return isParsed(value, parsed) ? parsed.filter(function (v) {
				return v.value === value;
			})[0].key : ".";
		};
		//Parses a possibly cyclic object
		var parse = function (obj, parsed, indent) {
			return JSON.stringify(obj, function (k, v) {
				//Remove unnecessary types
				if (v === undefined || typeof(v) === "function") {
					return undefined;
				}
				//prevent executing of recursion check for null (because it's object)
				if (v && typeof(v) === "object") {
					if (isParsed(v, parsed)) {
						//Return replacement for parsed objects
						return REC.replace(/\{KEY\}/, getKey(v, parsed));
					}
					parsed.push({
						key: k ? "." + k : ROOT,
						value: v
					});
				}
				//Return non-cyclic value as-is
				return v;
			}, indent ? indent : 0);
		};
		return parse(root, [], indent);
	};

	var isLocal = function (x) {
		var locals = [
			//127.x.x.x
			/^127\.\d+\.\d+\.\d+$/,
			//::1
			/^::1$/,
			//192.168.x.x
			/^192\.168\.\d+\.\d+$/,
			//10.x.x.x
			/^10\.\d+\.\d+\.\d+$/,
			//172.16.x.x - 172.31.x.x
			/^172\.(1[6-9]|2\d|3[01])\.\d+\.\d+$/,
			//169.254.x.x
			/^169\.254\.\d+\.\d+$/
		];

		//localhost and .local domain
		if (x === "localhost" || x.split('.').pop() == "local") {
			return true;
		}
		//Local IP addresses
		if (locals.filter(function (v) {
				return !!x.match(v);
			}).length > 0) {
			return true;
		}
		return false;
	};

	var disabled = !!localStorage.getItem("nasty-disabled");
	if (!disabled) {

		if (isLocal(location.hostname.toLowerCase())) {
			console.warn(location.hostname, "is unsafe but a local address. Leaving JS Features enabled");
		} else {
			//Scripts still assume the return value is a number
			//To do this, run a fake function and return the timeout id.
			//Timeouts and intervals share the same Id pool.
			var oldTimeout = window.setTimeout;
			var dummyTimeout = function (a, b) {
				return oldTimeout(function () {}, b);
			};
			var toArray = function (x) {
				return Array.prototype.slice.call(x, 0);
			};

			var logged = [];

			var consoleMethods = {
				log: console.log,
				debug: console.debug,
				dir: console.dir,
				info: console.info,
				warn: console.warn,
				error: console.error
			};

			var doLog = function (args) {
				for (var i = 0; i < args.length; i++) {
					var a = args[i];
					if (logged.indexOf(stringify(a)) >= 0) {
						return false;
					} else {}
				}
				return true;
			};

			for (var i = 0; i < Object.keys(consoleMethods); i++) {
				var k = Object.keys(consoleMethods)[i];
				var f = function () {
					var args = toArray(arguments);
					if (doLog(args)) {
						args.forEach(function (v) {
							logged.push(stringify(v));
						});
						consoleMethods[this.type].apply(console, args);
					}
				};
				f.type = k;
				f = f.bind(f);
				console[k] = f;
			}

			//Note: The "unescape(...)" is totally unnecessary for functionality,
			//but prevents the Editor from complaining that "eval" and "document.write" are unsafe

			//Prevent Clearing of the console
			window.console.clear = function () {};
			//Do nothing
			document[unescape("write")] = consoleMethods.debug.bind(console, "document.write prevented. Data:");
			//Do nothing
			window[unescape("eval")] = consoleMethods.debug.bind(console, "eval prevented:");

			//Return fake id
			window.setInterval = function () {
				consoleMethods.debug.apply(console, ["setInterval prevented:"].concat(toArray(arguments)));
				return dummyTimeout.apply(this, toArray(arguments));
			};
			//Return fake id
			window.setTimeout = function () {
				consoleMethods.debug.apply(console, ["setTimeout prevented:"].concat(toArray(arguments)));
				return dummyTimeout.apply(this, toArray(arguments));
			};
			window.nasties = {
				disable: function () {
					localStorage.setItem("nasty-disabled", "1");
					location.reload();
				}
			};
			consoleMethods.warn(location.hostname, "is unsafe. Stop Nasties script is active, if important functionality is broken, call nasties.disable() (will reload)");
		}
	} else {
		console.warn(location.hostname, "is unsafe. Stop Nasties script is disabled, call nasties.enable() to enable protection (will reload)");
		window.nasties = {
			enable: function () {
				localStorage.removeItem("nasty-disabled");
				location.reload();
			}
		};
	}
})();

/*
LICENSE:
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
The full license text can be found here: http://creativecommons.org/licenses/by-nc-sa/4.0/
The link has an easy to understand version of the license and the full license text.

DISCLAIMER:
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE.
*/

Copyright © 2018 by Kevin Gut 📧 | More services | Generated for 3.232.129.123