apache - How to prevent users from using javascript links -


this question has answer here:

i have website makes ajax calls server-side script when button pressed. problem user type following address bar:
javascript:callajaxroutine(); how prevent happening?

the people in comments right in saying you'll never able out of code 100%, can couple of things ward off less serious:

  1. encapsulate function in object, it's not in global namespace,
  2. obfuscate code

no 1

is case of doing this: (i'm going use jquery here, it's not essential, shortens code)

instead of:

<script>     var callajaxroutine = function () {         // ajax         ajax();     }      $('#button').on('click', callajaxroutine);  </script>

you take function out of global namespace , put inside object:

<script>      // sets object containing self-executing function     (function () {          var callajaxroutine = function () {             // ajax             ajax();         }          $('#button').on('click', function () {             callajaxroutine.apply(this);         });      }());  </script>

the second lot of code same first, code still called when event fired, typing callajaxroutine console show undefined because of closure of function exists declare , assign callajaxroutine event handler #button.click()

javascript:callajaxroutine(); nothing, there no accessible callajaxroutine defined anymore.

no. 2

put code through minified/obfuscator http://jscompress.com -- second lot of code above becomes:

(function(){var e=function(){ajax()};$("#button").on("click",function(){e.apply(this)})})();

the bigger function, more difficult read , understand. if have tool firebug can pull apart, it's real pain do, you'll dissuade most.


Comments

Post a Comment

Popular posts from this blog

javascript - addthis share facebook and google+ url -

i attempting use addthis create simple url shares whichever current page user on when click share button. of right now, have twitter working. when user clicks, able see url populated in tweet box. when user clicks facebook or google+, url doesn't seem show in share box. <ul class="addthis_toolbox addthis_default_style "> <li><a class="addthis_button_facebook"><img src="/img/facebook-social.png" width="20" height="20" border="0" alt="share" /></a></li> <li><a class="addthis_button_twitter"><img src="/img/twitter-social.png" width="20" height="20" border="0" alt="share" /></a></li> <li><a class="addthis_button_google_plusone_share"><img src="/img/google-social.png" width="20" height="20" border="0" alt="s...
Read more

ios - Show keyboard with UITextField in the input accessory view -

i have buttona , when buttona clicked, want keyboard show uitextfield in inputaccessoryview. there way have keyboard show manually , set inputaccessoryview without having uitextfield initially? thanks. you cannot summon keyboard without object can become first responder. there 2 ways work around: subclass uiview , implement uikeyinput protocol in it. example: in .h file: @interface inputobject : uiview<uikeyinput> @property (nonatomic, copy) nsstring *text; @property (nonatomic, strong) uiview *inputaccessoryview; // must override inputaccessoryview , since it's readonly default @end in .m file, implement protocol: - (bool)canbecomefirstresponder { return yes; } - (bool)hastext { return [self.text length]; } - (void)inserttext:(nsstring *)text { nsstring *selftext = self.text ? self.text : @""; self.text = [selftext stringbyappendingstring:text]; [[nsnotificationcenter defaultcenter] postnotificationname:kinputobjec...
Read more

c++ - importing crypto++ in QT application and occurring linker errors? -

i trying use crypto++ sankore-3.1 qt program, i've installed qt sdk 4.8.1 using vc++ 2010 compiler. i've compiled , built crypto++ using microsoft visual studio 2010, , have needed lib files, include .h files , dll file in hand. i testes these library simple qt application in empty project using qt creator, added libraries .pro file , run successfully. .pro file blow: win32:config(release, debug|release): libs += -l$$pwd/../../dokuman/sankore- 3.1/plugins/cryptopp/win32/dll_output/release/ -lcryptopp else:win32:config(debug, debug|release): libs += -l$$pwd/../../dokuman/sankore-3.1/plugins/cryptopp/win32/dll_output/debug/ -lcrypto includepath += $$pwd/../../dokuman/sankore-3.1/plugins/cryptopp/include dependpath += $$pwd/../../dokuman/sankore-3.1/plugins/cryptopp/include sources += \ main.cpp win32:config(release, debug|release): libs += -l$$pwd/../../dokuman/sankore-3.1/plugins/cryptopp/win32/output/release/ -lcryptlib else:win32:config(debug, de...
Read more