Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Re: How to hide JAVASCRIPT coding from CGI?

by jZed (Prior)
on Mar 14, 2005 at 17:49 UTC ( #439378=note: print w/replies, xml ) Need Help??

in reply to How to hide JAVASCRIPT coding from CGI?

1. JavaScript can only "validate" what is on a given HTML page, it does absolutely nothing to validate what is recieved by a CGI script. All anyone has to do is copy the original page, take out the javascript and submit that copy and your CGI will recieve the form with absolutely no validataion.

2. "Hiding" JavaScript is the same thing as not using JavaScript. If you use JavaScript it is, by definition, visible to the browser - otherwise the browser couldn't execute it.

  • Comment on Re: How to hide JAVASCRIPT coding from CGI?

Replies are listed 'Best First'.
Re^2: How to hide JAVASCRIPT coding from CGI?
by Hero Zzyzzx (Curate) on Mar 14, 2005 at 20:58 UTC

    It's even easier than that- users can turn off javascript anywhere they want, nullifying your client-side validation altogether.

    If you use Mozilla Firefox and the Web Developer Extension it is INCREDIBLY easy to muck with form values- you can turn POSTs to GETs, make all variables "writable" right in the browser, and generally wreck havoc on brittle form validation. Use javascript for UI/notification icing, server-side for real variable sanitization.

    -Any sufficiently advanced technology is
    indistinguishable from doubletalk.

    My Biz

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://439378]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (5)
As of 2021-05-15 15:29 GMT
Find Nodes?
    Voting Booth?
    Perl 7 will be out ...

    Results (150 votes). Check out past polls.