Surely censoring the functionality is completely impossible, due to the dynamic nature of JS?<p>alert("blah")<p>can just as easily be made to be<p>window["alert"]("blah"), where the string 'alert' could be made by a very convoluted manner. Solving this would be akin to solving the halting problem, no?