Last Updated: September 09, 2019
·
1.836K
· davidhiggins

Giving the user no control with JavaScript

// Disable Context Menu
document.oncontextmenu = function () {
    return false
};

// Disable dragging of HTML elements
document.ondragstart = function () {
    return false
};

// Break out of frames
function bust() {
    document.write = "";
    window.top.location = window.self.location;
    setTimeout(function () {
        document.body.innerHTML = ''
    }, 0);
    window.self.onload = function (evt) {
        document.body.innerHTML = ''
    }
}
if (window.top !== window.self) {
    try {
        if (window.top.location.host) {} else {
            bust()
        }
    } catch (ex) {
        bust()
    }
}

// Annoy user if context menu button presssed
document.onkeydown = function (e) {
    if (e.keyCode == 93) {
        alert('_')
    }
};

// Disable selecting of text
document.onselectstart = function () {
    if (event.srcElement.type != "text" && event.srcElement.type != "textarea" && event.srcElement.type != "password") {
        return false
    } else {
        return true
    }
};

// Disable Mousedown event, except for text-areas & Inputs where it's needed
document.onmousedown = function (e) {
    var obj = e.target;
    if (obj.tagName.toUpperCase() == "INPUT" || obj.tagName.toUpperCase() == "TEXTAREA" || obj.tagName.toUpperCase() == "PASSWORD") {
        return true
    } else {
        return false
    }
};

// Stop CTRL Key abuse on your page!
window.onkeydown = function (e) {
    if (e.ctrlKey == true) {
        return false
    }
};

10 Responses
Add your response

I hope you don't use it in real life :)

over 1 year ago ·

Ha ha! Yeah, it's a bit evil :) I just wanted to explore how many ways I could block the user from doing things. There's a GIST here you can fork if you can find anything else to block/disable:

https://gist.github.com/SoHiggo/9587120

over 1 year ago ·

Does blacking out the entire screen count? :)

over 1 year ago ·
over 1 year ago ·

@davidhiggins This is irrelevant, but do you know why your gist has a red highlight? I mean:

red markdown

This is the first time I've ever seen a red markdown gist.

over 1 year ago ·

@zhimingwang i'm guessing it's detecting that it's the wrong format (file says .md, lexer doesn't agree)

over 1 year ago ·

@zaus Hmm, not sure about that. I looked at the source and saw nothing suspicious; I parsed it with a couple of my parsers and saw nothing special either. After all it's as simple as a code block. In fact, yesterday whenever I copy the source as is and publish as a gist, it is highlighted; whenever I make a tiny change to it, including removing one single character or adding a single linefeed, it's normal. Today I can't even reproduce with the original source. Rather intriguing. (Maybe they broke something in the parser, temporarily? This is unlikely, but who knows...)

over 1 year ago ·

Effective! But I'm massively against this, would love to see the opposite of this, i.e. 'give user default access'.

over 1 year ago ·

Effective! But I'm massively against this, would love to see the opposite of this, i.e. 'give user default access'.

Plain HTML is always accessible, searchable, responsive, etc. :) Well, unless you really screw it up

over 1 year ago ·

Found a website using something like this script, you can't imagine how it's frustrating -_- !

over 1 year ago ·