in reply to How to hide JAVASCRIPT coding from CGI?

1. JavaScript can only "validate" what is on a given HTML page, it does absolutely nothing to validate what is recieved by a CGI script. All anyone has to do is copy the original page, take out the javascript and submit that copy and your CGI will recieve the form with absolutely no validataion.

2. "Hiding" JavaScript is the same thing as not using JavaScript. If you use JavaScript it is, by definition, visible to the browser - otherwise the browser couldn't execute it.

  • Comment on Re: How to hide JAVASCRIPT coding from CGI?

Replies are listed 'Best First'.
Re^2: How to hide JAVASCRIPT coding from CGI?
by Hero Zzyzzx (Curate) on Mar 14, 2005 at 20:58 UTC

    It's even easier than that- users can turn off javascript anywhere they want, nullifying your client-side validation altogether.

    If you use Mozilla Firefox and the Web Developer Extension it is INCREDIBLY easy to muck with form values- you can turn POSTs to GETs, make all variables "writable" right in the browser, and generally wreck havoc on brittle form validation. Use javascript for UI/notification icing, server-side for real variable sanitization.

    -Any sufficiently advanced technology is
    indistinguishable from doubletalk.

    My Biz