I discovered today that you can delete eval
and delete Function
in JavaScript.
Is this an effective measure of hindering the kind of JS injection attacks relying on obfuscated code?
Are there significant downsides (i.e., breaking popular libraries that utilize these but possibly shouldn't)?
It certainly doesn't stop the effects of someone inserting a script tag on your page, but it might make it much more difficult to get that script tag inserted?