Geek Answers Handbook

Is it safe that everyone can see my JavaScript validation functions?

On my registration page, I check the use of JavaScript and PHP.

However, people can see my JavaScript validation features while browsing the source of a web page. It contains input field names, identifiers, etc.

enter image description here

So is it safe for anyone to see them?

+5
source share
4 answers

The validation functions that you specified do not reveal any information that you think is necessary to keep secret (quite the contrary, actually telling people what is and what is not needed is useful and can break through to the UI). Therefore, they are โ€œsafeโ€ in that they do not disclose anything confidential.

If you have validation functions that use information or methods that you want to keep secret, you will need to transfer them to the server because they will not be โ€œsafeโ€ because they will reveal confidential information.

You can make it difficult for people to understand their client-side validation functions by using an aggressive minifier / obfuscator such as the Google Closure Compiler in advanced mode. But you cannot make this impossible: if the browser can read the code, people using the browser can read the code.

And just because we are talking about client-side verification, the usual warning: despite the fact that you are checking the client side, you still have to check the server side. Users can bypass their code on the client side and send invalid information.

+6
source

This is safe, as your code reflects the actions on your page. When you determine the maximum code length, you show it to your users by providing some user interfaces and messages. Nothing secretive here, so good.

In addition, when you move on to production from development, you should consider minifying and obfuscating your javascript code to hide your sensitive code from praying eyes. This way you save bandwidth and add an extra layer of security to your application.

+2
source

The JavaScript validation part is actually not so important for security, because users cannot modify or abuse anything if they pass it, but the PHP check, which you must observe carefully, as if compromised, can allow the user to access your (if your form is linked to your db, of course).

+1
source

Javascript validation works on the client side. If someone has disabled their browsers Javascript.it wont works. and furthermore, there are no security issues when showing javascript validation. Always check on the server side to avoid any incorrect consequences or security measures. in simple

Java script <Client Side Validation
PHP <Server side validation.

+1
source

More articles:


All Articles