By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,748 Members | 1,427 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,748 IT Pros & Developers. It's quick & easy.

PHP Var -> Javascript VAR

P: n/a
In there any mechanism to get a server side PHP variable, into a client
side Javascript variable - without the value of the variable being
visible in a view source ?
--
Spam:newsgroup(at)cr*********@verisign-sux-klj.com
EMail:<0110001100101110011000100111010101110010011 010110
11001010100000001100011011100100110000101111010011 011100
11000010111001000101110011000110110111101101101001 00000>
Jul 17 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
127.0.0.1 wrote:
In there any mechanism to get a server side PHP variable, into a client
side Javascript variable - without the value of the variable being
visible in a view source ?

Not easily. The usual way to pass variables like that is:
<script language="javascript">
var fred="<?php=$fred?>";
</script>
or
<input type="hidden" name="fred" value="<?php=$fred?>">
both of which are visible in the HTML source.

You could, however use an IFRAME which updates variables in the main
frame then redirects to obscure the contents. However a javascript
debugger will allow the contents of those vars to be seen.

It does beg the question as to why you need to pass obviously sensitive
information to the browser. I would try and keep such things in session
variables to avoid the round trip altogether.

Jul 17 '05 #2

P: n/a
Kevin Thorpe wrote:
You could, however use an IFRAME which updates variables in the main
frame then redirects to obscure the contents. However a javascript
debugger will allow the contents of those vars to be seen.
That isn't a problem, however IFRAMES are not very portable apparently
....

It does beg the question as to why you need to pass obviously
sensitive information to the browser. I would try and keep such
things in session variables to avoid the round trip altogether.


Not sensative, more 'internal'.
--
Spam:newsgroup(at)cr*********@verisign-sux-klj.com
EMail:<0110001100101110011000100111010101110010011 010110
11001010100000001100011011100100110000101111010011 011100
11000010111001000101110011000110110111101101101001 00000>
Jul 17 '05 #3

P: n/a
Since JavaScript is client-side, there is no real way to hode anything
from the user. You can obfuscate it, hide it in other js files. It will
stop most people, but it won't be hidden as there will always be a way
for them to see it, the file is stored in cache and can be viewed with
any text editor.

127.0.0.1 wrote:
In there any mechanism to get a server side PHP variable, into a client
side Javascript variable - without the value of the variable being
visible in a view source ?


Jul 17 '05 #4

P: n/a
On Monday 13 October 2003 04:38 am, 127.0.0.1 wrote:
Kevin Thorpe wrote:

It does beg the question as to why you need to pass obviously
sensitive information to the browser. I would try and keep such
things in session variables to avoid the round trip altogether.


Not sensative, more 'internal'.


If the value isn't sensitive, then don't worry about it. The average user
isn't going to look at the javascript, and anyone (like us) who does
deserves what he gets when he plays around. :)

There are reasons to pass things down to the web page that need to be
protected. If that's the case here (and you don't need to change the value)
HMAC or similar is a good compromise. Send down the value and an HMAC of
the value with a secret you don't send. Then only accept the value back if
accompanied by a correct hash.
--
Don Faulkner, KB5WPM |
(This space | "All that is gold does not glitter."
unintentionally | "Not all those who wander are lost."
left blank) | -- J.R.R. Tolkien
Jul 17 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.