  1. #1
    SitePoint Wizard
    Join Date
    May 2012
    Posts
    1,105
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Post view page source

    Hi, can I ask about view page source? Is it possible to hide my jQuery code? When I view the page source I can see all my jQuery script, like submitting the form, sending data to another page via jQuery.ajax, etc., and the user might see all this, and I think it will be prone to hacking. Can you please enlighten me?

    Thank you in advance.

  2. #2
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Join Date
    Dec 2007
    Location
    Carlsbad, California, United States
    Posts
    3,656
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    That's why it's better to use PHP for form processing.

  3. #3
    SitePoint Zealot evilunix's Avatar
    Join Date
    Jun 2008
    Location
    York, UK.
    Posts
    114
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's not possible to hide client-side code, no. You could make a copy of it and obfuscate it to make it harder to read though.

  4. #4
    SitePoint Wizard
    Join Date
    May 2012
    Posts
    1,105
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I use jQuery so that when I am submitting the form it will not refresh the page.

  5. #5
    SitePoint Wizard
    Join Date
    May 2012
    Posts
    1,105
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    What do you mean by this?
    "You could make a copy of it and obfuscate"

  6. #6
    Robert Wellock silver trophybronze trophy xhtmlcoder's Avatar
    Join Date
    Apr 2002
    Location
    A Maze of Twisty Little Passages
    Posts
    6,316
    Mentioned
    60 Post(s)
    Tagged
    0 Thread(s)
    You could, if you wanted, encrypt the JavaScript like a lot of virus writers and other miscreants do, or obfuscate the code (write code that is difficult for humans to understand).

    In both cases, usually if you feel the need to do either - for major security reasons/concerns - the odds are you shouldn't be using client-side script in the first place for that specific task.

    As was mentioned, all client-side script can be accessed by the browser or visitor, so make sure any potential attack surface is minimal.

  7. #7
    Grüße aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    5,938
    Mentioned
    214 Post(s)
    Tagged
    12 Thread(s)
    I think you have your answer jemz, but I wanted to point you at this discussion anyway: http://stackoverflow.com/questions/6...e-in-a-webpage
    It makes interesting reading.

  8. #8
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,804
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by jemz View Post
    I think it will be prone to hacking.
    There is no need for anyone to hack JavaScript. If the script does something you don't want to do then you simply turn off JavaScript for that web page. If you want to do something slightly different you add your own JavaScript to the page to override any scripts already in the page.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">
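Because a visitor can read, switch off or override the page's script, as the posts above say, the page that receives the jQuery.ajax request has to repeat every check itself. The following is an added example, not code from this thread, of such a server-side check written in JavaScript for Node; the field names, limits and the `validateSubmission` helper are hypothetical.

```javascript
// Added example, not from the thread: server-side re-validation of a form body.
// Field names, limits and patterns are assumptions chosen for illustration.
const RULES = {
  name:    { max: 80,   pattern: /^[\p{L} .'-]+$/u },
  email:   { max: 254,  pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  message: { max: 2000, pattern: /^[^\x00-\x08\x0B\x0C\x0E-\x1F]+$/ }
};

// Returns { ok, errors, clean }. Only fields listed in RULES ever reach `clean`.
function validateSubmission(body) {
  const errors = [];
  const clean = {};
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body must be an object'], clean };
  }
  for (const [field, rule] of Object.entries(RULES)) {
    // Own properties only, so inherited values are never treated as input.
    const has = Object.prototype.hasOwnProperty.call(body, field);
    const value = has ? body[field] : undefined;
    if (typeof value !== 'string') {
      errors.push(field + ': missing or not a string');
      continue;
    }
    const trimmed = value.trim();
    if (trimmed.length === 0 || trimmed.length > rule.max) {
      errors.push(field + ': bad length');
      continue;
    }
    if (!rule.pattern.test(trimmed)) {
      errors.push(field + ': bad format');
      continue;
    }
    clean[field] = trimmed;
  }
  return { ok: errors.length === 0, errors, clean };
}

// Constructed sample bodies, as the endpoint would see them after parsing.
const FROM_PAGE_SCRIPT = { name: 'Ann Lee', email: 'ann@example.com', message: 'Hello' };
// What can arrive when the page's own script was disabled or replaced.
const SCRIPT_BYPASSED = { name: '', email: 'not-an-address',
                          message: 'x'.repeat(5000), isAdmin: 'true' };

console.log(validateSubmission(FROM_PAGE_SCRIPT));
console.log(validateSubmission(SCRIPT_BYPASSED).errors);
```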

  9. #9
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Join Date
    Dec 2007
    Location
    Carlsbad, California, United States
    Posts
    3,656
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Pullo View Post
    I think you have your answer jemz, but I wanted to point you at this discussion anyway: http://stackoverflow.com/questions/6...e-in-a-webpage
    It makes interesting reading.
    That was a good read. What's this bit doing? That's the only one I couldn't tell. It was the post second to last.

    //------------------------------
    function unloadJS(scriptName) {
      var head = document.getElementsByTagName('head').item(0);
      var js = document.getElementById(scriptName);
      js.parentNode.removeChild(js);
    }


    //----------------------
    function unloadAllJS() {
      var jsArray = new Array();
      jsArray = document.getElementsByTagName('script');
      for (i = 0; i < jsArray.length; i++){
        if (jsArray[i].id){
          unloadJS(jsArray[i].id)
        }else{
          jsArray[i].parentNode.removeChild(jsArray[i]);
        }
      }
    }

  10. #10
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,804
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by EricWatson View Post
    What's this bit doing?

    Code:
    function unloadJS(scriptName) {
      var head = document.getElementsByTagName('head').item(0);
      var js = document.getElementById(scriptName);
      js.parentNode.removeChild(js);
    }
    If you call unloadJS('myscriptid'); then the script tag containing id="myscriptid" is removed from the current web page. Not sure why the var head line is there, as that does nothing. Not sure why the scriptid field is called scriptName.


    Code:
    function unloadAllJS() {
      var jsArray = new Array();
      jsArray = document.getElementsByTagName('script');
      for (i = 0; i < jsArray.length; i++){
        if (jsArray[i].id){
          unloadJS(jsArray[i].id)
        }else{
          jsArray[i].parentNode.removeChild(jsArray[i]);
        }
      }      
    }
    The var jsArray line does nothing because the next line overwrites it with a nodelist of all the script tags in the page. Since it is a nodelist it is confusing to call it jsArray but then whoever wrote this doesn't appear all that good at giving variables meaningful names. The loop steps through every second script tag removing them using the first function if the script tag has an id or a one line equivalent if it doesn't. In this instance the function is misnamed as only the odd numbered entries in the original nodelist get deleted because as each script tag is deleted off the front all the others get moved up (one of the many traps for beginners).

    Cleaned up it is hopefully easier to read what it is doing plus reorganising the loop to actually delete every script tag and not just the alternate ones:

    Code:
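    function unloadJS(scriptid) {
      // Remove the script tag whose id attribute is scriptid
      var js = document.getElementById(scriptid);
      js.parentNode.removeChild(js);
    }
    function unloadAllJS() {
      var jsnodes = document.getElementsByTagName('script');
      // Count down: the node list is live, so removing from the end leaves unvisited entries in place
      for (var i = jsnodes.length - 1; i >= 0; i--) {
        jsnodes[i].parentNode.removeChild(jsnodes[i]);
      }
    }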
    or if you really must remove the script tags from the top of the page down then use a while loop instead of a for loop:

    Code:
    function unloadAllJS() {
      var jsnodes = document.getElementsByTagName('script');
      // The node list is live: removing entry 0 moves the next script tag into position 0
      while (jsnodes.length) {
        jsnodes[0].parentNode.removeChild(jsnodes[0]);
      }
    }
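The loop behaviour described in post #10, as an added example that is not part of the original thread: it runs the forward loop, the backward loop and the while loop over a constructed stand-in for a live node list, so it needs no browser. The `makeLiveList` helper and the sample names are hypothetical.

```javascript
// Added example: a constructed stand-in for the live node list that
// document.getElementsByTagName('script') returns. No real DOM is used.
function makeLiveList(names) {
  const nodes = names.slice();
  return {
    get length() { return nodes.length; },   // always the current count
    at(i) { return nodes[i]; },              // index into the current state
    remove(node) { nodes.splice(nodes.indexOf(node), 1); },
    snapshot() { return nodes.slice(); }     // what is still attached
  };
}

// Forward loop, as in the snippet being asked about: each removal shifts the
// remaining entries up by one, so the entry that lands in slot i is skipped.
function removeForward(list) {
  for (let i = 0; i < list.length; i++) list.remove(list.at(i));
  return list.snapshot();
}

// Backward loop: a removal only affects positions that were already visited.
function removeBackward(list) {
  for (let i = list.length - 1; i >= 0; i--) list.remove(list.at(i));
  return list.snapshot();
}

// While loop: keep removing entry 0 until the live list reports length 0.
function removeFromTop(list) {
  while (list.length) list.remove(list.at(0));
  return list.snapshot();
}

const SCRIPTS = ['s1', 's2', 's3', 's4', 's5']; // constructed sample
console.log('forward leaves :', removeForward(makeLiveList(SCRIPTS)));
console.log('backward leaves:', removeBackward(makeLiveList(SCRIPTS)));
console.log('while leaves   :', removeFromTop(makeLiveList(SCRIPTS)));
```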

  11. #11
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Join Date
    Dec 2007
    Location
    Carlsbad, California, United States
    Posts
    3,656
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    Lol thanks felgall. What's it doing in dumbed down talk I guess. How is it hiding the js? Thanks

  12. #12
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,147
    Mentioned
    16 Post(s)
    Tagged
    3 Thread(s)
    Any attempt to do this isn't worth the time of day. I could just turn off JavaScript and see all your scripts. Not that hard either way.
    The only code I hate more than my own is everyone else's.

  13. #13
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,804
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by EricWatson View Post
    Lol thanks felgall. What's it doing in dumbed down talk I guess. How is it hiding the js? Thanks
    It isn't hiding the JS - it is removing the JS from the page. Once the above script finishes running there will no longer be any JavaScript attached to the page to run.

    Any JavaScript that runs before it gets to the end of the script containing that code will be the only JavaScript in the page that gets to run.

    If there is any JavaScript actually embedded into the HTML that calls functions then that code will run up to the point where it calls the function that no longer exists.


    In fact on my page http://www.felgall.com/jstip154.htm below the instructions on how to turn JavaScript on and off in the various browsers I have a bookmarklet script and a userscript available that use the exact same while loop as I rewrote above to disable JavaScript in the web page as examples of how you can use JavaScript to selectively disable JavaScript in browsers that don't make it easy to do it selectively using the browser options. (only just remembered that page was there).

  14. #14
    SitePoint Wizard
    Join Date
    May 2012
    Posts
    1,105
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by felgall View Post
    It isn't hiding the JS - it is removing the JS from the page. Once the above script finishes running there will no longer be any JavaScript attached to the page to run.

    Any JavaScript that runs before it gets to the end of the script containing that code will be the only JavaScript in the page that gets to run.

    If there is any JavaScript actually embedded into the HTML that calls functions then that code will run up to the point where it calls the function that no longer exists.


    In fact on my page http://www.felgall.com/jstip154.htm below the instructions on how to turn JavaScript on and off in the various browsers I have a bookmarklet script and a userscript available that use the exact same while loop as I rewrote above to disable JavaScript in the web page as examples of how you can use JavaScript to selectively disable JavaScript in browsers that don't make it easy to do it selectively using the browser options. (only just remembered that page was there).
    Hi felgall, where should I put those functions that you wrote? By the way, after it finishes removing the scripts in the page, will my page still function?

    Thank you in advance.

  15. #15
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,804
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by jemz View Post
    Hi felgall, where should I put those functions that you wrote? By the way, after it finishes removing the scripts in the page, will my page still function?
    The instructions on how to attach the scripts to your browser are in that web page - it varies depending on which browser you are using.

    After the script runs the page will function exactly as if JavaScript were disabled but with any scripts that run during the load having already run (which wouldn't have happened if JavaScript actually were disabled).

