0

Is it possible to remove all side effects created from a third party script, without concretely knowing what they are?

Simple toy example:

A script is loaded via a script tag, it created a new DOM element, and also attaches some data to the window object.

My application now wants to remove anything this script has created/added to the browser.

Is it possible to delete all the effects?

Improve this question
4
  • It seems that in general this task would be equivalent to the halting problem (think of side effects in non-terminating execution paths), thus: no. Assuming terminating code, how would you handle statements that depend on user inputs (includes data queried over the net) ? You might have to enumerate over potentially very large domains in your sanitizing code. Side effect code my hinge on trigegring local structures, think of complex dom selectors. So the check will probably be inefficent in time and space. Maybe you can resort to aggressive code pruning or case-by-case reasoning. Commented Jul 23, 2018 at 11:21
  • it seems we have a X-Y problem here Commented Jul 23, 2018 at 13:13
  • @collapsar what about sandboxing and deleting the sandbox? Commented Jul 23, 2018 at 15:51
  • @ydennis: It seems you think about intercepting side effect calls or to supply some reference structure and compare it with the result of code potentially having side effects. Even if you manage one of these, you'd still have to cause the tested code to actually produce side effects. This might depend on very particular (meaning: rare) user input or context. Commented Jul 23, 2018 at 16:05

1 Answer 1

Reset to default
1

No, it's not possible. The only way to «remove» all effects from a external script is not loading it in the first place. Even if you target all script elements and delete them, the code would have already been executed.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Are you sure, what if a load it in an iFrame? Or within some other code generated sandbox?
@ydennis If the code only affects structures within the iframe, we have the original problem. If it does affect structures outside the iframe, how do you make sure that these code portions do not cause side effects if you do not know the nature of said side effects in advance ?
@collapsar that is precisely my question - but it seems that it should be possible, even if not trivial.
An <iframe> is not a sandbox. Scripts inside iframes can use window.top to access and alter the main page. The answer to "Is it possible to remove all side effects created from a third party script" is no. You cannot undo code that has already been executed, but you can run scripts in a sandbox, if you find an API for that.
The closest would probably be some save state.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.