SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Member
    Join Date
    Apr 2004
    Location
    Rochester, NY
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Hiding javascript order form calculations - is it possible?

    Hi -

    I'm working on building a order form. Similar to this - http://www.htmlgoodies.com/legacy/be...7withval2.html

    When I view the source of this form, I see all the javascript for the calculations in the header area. Is there a way to move all of this to an external js file and still have it work? When I try doing that, the functions no longer work on the form page. I'm assuming I need to modify the calls and pass certain values back and forth between the form and the js file. I don't know how to do this though.

    Should I be worried about security with all the javascript calculations out in the open?

    Thanks in advance for the pointers.
    Barb

  2. #2
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,154
    Mentioned
    190 Post(s)
    Tagged
    2 Thread(s)

    javascript

    Hi basnyd, welcome to the forums,
    You could call the javascript from an external file, but that file will be uploaded to the users "cache" and can then be seen. Best practice is to use javascript to enhance a users experience, but never depend on it being enabled, and don't rely on it for secure scripts. It's great for alerting users to an invalid form field before sending another request to the server. It's fine for giving users an idea of what the order will cost, but do all secure calculations server-side

  3. #3
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,810
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Javascript is an open source scripting language which means that anyone can view your source and see how your code works. That is one of the reasons why you also need to perform processing server side after a form is submitted to verify that calculations have not been tampered with.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •