Laphan wrote:
<SCRIPT LANGUAGE="javascript" SRC="js-something.asp">
</SCRIPT>
and this seems to work well apart from the fact that if the user,
puts in for example:
www.mydomain.co.uk/js-something.asp
the javascript is written to the web page for them to see.
Is it possible for the ASP side of this file to check whether it is
has been accessed directly (eg, as per the URL above) rather than
simply being SRC'd inside another ASP page?
How important is this, really?
Client-side code *must* be visible to the user agent, so there is no real
way of keeping me from viewing it. But I can think of a way to make it
difficult...
First of all, you have already made the JS file an ASP script. Good. Now tie
it to a one-time-use "random" value on the server:
Your ASP Script
================================================== =====================
Call Randomize()
Session("js-something") = Rnd()
<SCRIPT SRC="js-something.asp?r=<%=Session("js-something")%>"></SCRIPT>
js-something.asp
================================================== =====================
If Response.QueryString("r") <> Session("js-something") Then
Response.End()
End If
Session("js-something") = null
Add some expiration to the JS file, and this ought to help. Of course, it
assumes cookies are enabled. If you want to make it work for cookieless
requests, you'll need to put the random value into a DB.
--
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
