sandbox_using_closures .html

<img id="test" />
<script>
let mock_console = {
  log: function(...args) { console.log(...args); }
};


let mock_document = {
  getElementById: function(element_name) { return window.document.getElementById(element_name); },
  createElement: function(element_name) { return null; }, // restricted
  get body() {
    return window.document.querySelector('body');
  },
};


(function(w) {
  let block = false;
  let original_createElement = window.Document.prototype.createElement;
  w.Document.prototype.createElement = function(element_name) {
    return block? null: original_createElement.call(document, element_name);
  }
}) (window);
//console.log(block); // Blocked access

let console2 = console; // FOR DEBUGGING

(function(window, document, console) {
  console.log('TEST');
  window.console.log('TEST2');
  //var my_console = new window.Console(); // window.Console == null
  //window.console.__proto__.constructor == Object

  delete window;
  delete document;
  delete console;

  console2.log('document.createElement', document.createElement('div')); // null
  console2.log('window.document.createElement', window.document.createElement('div')); // null
  var my_document = new window.Document();
  console2.log('my_document.getElementById', my_document.createElement('div')); // <div></div>

  window.addEventListener('load', function() {
    var test = document.createElement('div'); // called overwritten document.
    console2.log('in window load event handler', test);
  });
  
  var escape_script = my_document.createElement('script');
  escape_script.innerHTML = `
  var test = document.createElement('div');
  console.log('escaping inline script', test);
  `;
  document.body.appendChild(escape_script);

  }) ({
    Document: window.Document,
    console : mock_console,
    document: mock_document,
    addEventListener: function(name, callback) { return window.addEventListener(name, callback); }
  }, mock_document, mock_console);



</script>