jQuery and security?

Hello, everyone,

Just a quick question.

Are there any security benefits to using jQuery (or even plain JavaScript) to create elements/objects/hyperlinks after a page is done loading?

I assume that the downside to doing so would be lousy SEO. Especially if all anchors and forms had their default actions prevented, using .load() to push content into divs, not allowing the URL to actually change in the browser. (If this is incorrect, please advise.)

I’m just playing around with jQuery, and I’ve got it to the point where if I do a view source, all I see is the HTML declaration, the <head> and <body> tags, and the includes for jQuery plus the .js file that creates everything. Does this make things more secure? Or less secure? (I’m using jQuery 1.8.2)


It doesn’t make it either, the information is still there. You can increase security by using AJAX and doing anything you want to keep hidden from the user on the server rather than the client. Doing too much with Javascript (jQuery or not) will make your app less secure as you expose more to the client, which anyone can see.

I don’t know a ton about SEO, but I do know they don’t run Javascript, so anything that’s added with Javascript is not going to be there to them.

Sounds like you would be better off using something like Angular.js in this situation than jQuery. jQuery is more for manipulating what’s already there, maybe adding this or that. Just generally making Javascript easier, more natural feeling, and adding useful common functionality. Where as Angular.js, Ember.js, etc are made for developing dynamic single page front-end applications, which is what it sounds like you’re talking about.

Thanks, mawburn. I’ll look into Angular. I don’t think work will allow me to put it on the server, but I can certainly learn it at home.

What about MooTools? Do you think MooTools might be as good as Angular? I only ask because the last contract that I worked used MooTools, so I do have some experience with it.

Thank you.

I think MooTools is more like jQuery than Angular. I’ve never used it personally.