I have my website, which my school has recently blocked. I found how to get around it by deleting the filter agents functions and variables (That are injected in JS) before my website loads.
However, I was wondering if there was a way to prevent the injecting JS on my website in the first place. I am using GitHub pages.
I have tried resetting the DOM tree, but I kept getting errors that I could not do this, I don’t have the error message right now, but I’ll get it soon. (Sorry about that)
flushFile = document.createElement("script");
flushFile.setAttribute("src", "flush.js");
document.head.appendChild(flushFile); //Loads flush.js into the DOM tree, overwriting all functions and variables of the filter agent, in browser memory to null
I am aware that most XSS attacks are on server side, but I am not worrying about that (for now). I just need to fix something like client side. If I disable all JS, yes that defeats this, but my nav bar would break, and lots of other things on my website. (https://ranchodvt.github.io/Comp-V3/index.html)
Here’s my code of deleting all the filter agents variables and funtions:
document.addEventListener('DOMContentLoaded', () => {
function timeout(ms) {
return new Promise(resolve => setTimeout(resolve, ms));
}
async function NotBlockingMe() {
await timeout(75);
console.clear();
console.log("=====");
// Functions
var getLoaderPolicy = function () { } // no-op function;
var loadES6 = function () { } // no-op function;
var isYoutube = function () { } // no-op function;
var checkCurrentSite = function () { } // no-op function;
var getHardBlockPolicy = function () { } // no-op function;
var hardBlock = function () { } // no-op function;
var stopVideo = function () { } // no-op function;
var updateLocation = function () { } // no-op function;
// Variables
var hardBlockPolicy = null;
var prevURL = null;
console.log("=====");
// re-assign
window.isYoutube = function () { } // no-op function
window.loadES6 = function () { } // no-op function
window.checkCurrentSite = function () { } // no-op function
window.getHardBlockPolicy = function () { } // no-op function
window.hardBlock = function () { } // no-op function
window.stopVideo = function () { } // no-op function
window.updateLocation = function () { } // no-op function
window.initFlagScanning = function () { } // no-op function
window.getLoaderPolicy = function () { } // no-op function
window.loaderPolicy = function () { } // no-op function
console.log("Just incase, Functions deleted again.");
console.log("=====");
}
NotBlockingMe()
// Other website code...
}
If I forgot something obvious, or you have a question, please don’t hesitate to ask.
I’m new to website design.