By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,817 Members | 2,152 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,817 IT Pros & Developers. It's quick & easy.

Security of Javascript

P: n/a
I was wondering if using Javascript to redirect a user, on the client
side, to different pages depending on what they entered was insecure.
I do not want the user to be able to view the source of the page. I
am having the user enter in some input using the input dialog box and
then using a window.location redirection based on their input. Is it
possible to view the source of a page after the input box has closed
but before the new page has loaded, ie. while the browser is
requesting the new page?

Thanks,

Greg
Jul 20 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
In article <e9*************************@posting.google.com> , msbg4
@hotmail.com says...
I was wondering if using Javascript to redirect a user, on the client
side, to different pages depending on what they entered was insecure.
I do not want the user to be able to view the source of the page.
Tough.

I
am having the user enter in some input using the input dialog box and
then using a window.location redirection based on their input. Is it
possible to view the source of a page after the input box has closed
but before the new page has loaded, ie. while the browser is
requesting the new page?


Yes. Look in your cache.

--
Hywel I do not eat quiche
http://hyweljenkins.co.uk/
http://hyweljenkins.co.uk/mfaq.php
Jul 20 '05 #2

P: n/a
In article <e9*************************@posting.google.com> , msbg4
@hotmail.com enlightened us with...
I was wondering if using Javascript to redirect a user, on the client
side, to different pages depending on what they entered was insecure.
I do not want the user to be able to view the source of the page.
Well, all I have to do is turn off my javascript or look in my cache.
heh
You can try to obfuscate it, but if I want it that bad, I'll run it
through a deobfuscator.
I
am having the user enter in some input using the input dialog box and
then using a window.location redirection based on their input.


Then evaluate the input on the server-side and redirect from the server.
No other way is secure. If my browser can see it, so can I, no matter
what you do. If I want it, it's mine.

If you really want to be a pain, use Flash. I have to deconstruct and
reconstruct that to see the source, which is difficult and rarely worth
anyone's time. Of course, that requires a plugin, which may piss off
some users.

--
--
~kaeli~
Never mess up an apology with an excuse.
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

Jul 20 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.