I have an array of hidden input fields that carry especially important data, and the form is submitted to a third-party application with the click of a button.
The values of these inputs are set on the server side. The page with these inputs is a confirmation page, and the user clicks a button to confirm the transaction, and the data is placed in hidden entries.
This is inherently very unsafe, since anyone who has half-decent knowledge of JavaScript can download devtools and use JavaScript to change the values of hidden inputs before sending data. The page is even conveniently loaded with jQuery! Ha! (I experienced it myself).
This works in a private application with a limited set of users and still has not been a problem, but now the same architecture is required in a wider public space, and the consequences for delivery security will be a bit scary.
The solution is to host the data server on the server side, but server-side publishing does not work (at least not in a straightforward way) due to the way the third-party application is configured. An alternative would be to somehow prevent JavaScript (and, of course, the jQuery extension) from changing the values in the input fields.
I was thinking of implementing (using setInterval) a loop that basically checked if the input values were the same as the original, and if not, changed them, effectively preventing the values from changing.
? , javascript ?
, ( ruby on rails).
Ruby on Rails .
, , , , @dotnetom . (. )
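An added example, not part of the original post: a client-side loop cannot protect hidden inputs because the browser is under the user's control, so one server-side alternative is to sign the values with an HMAC when the confirmation page is rendered and to verify that signature wherever the form is received. It assumes the receiving endpoint (the third-party application or a relay in front of it) can run the check and holds the same key; `sign_fields`, `verify_fields` and the field names are hypothetical.

```ruby
require "openssl"

# Constructed demo key (assumption): load the real one from server-side secret
# storage. It must never be sent to the browser.
SIGNING_KEY = "constructed-demo-key-not-for-production"

# Sorted, length-prefixed encoding so two different field sets can never
# produce the same byte string.
def canonical(fields)
  fields.sort.map { |k, v| "#{k.bytesize}:#{k}#{v.bytesize}:#{v}" }.join
end

# Called when rendering the confirmation page: returns the hidden-field
# values plus an expiry time and a signature over all of them.
def sign_fields(fields, key: SIGNING_KEY, now: Time.now.to_i, ttl: 600)
  signed = fields.to_h { |k, v| [k.to_s, v.to_s] }
  signed["expires"] = (now + ttl).to_s
  signed.merge("sig" => OpenSSL::HMAC.hexdigest("SHA256", key, canonical(signed)))
end

# Compare without returning early on the first differing byte.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Called by whatever receives the submitted form.
def verify_fields(params, key: SIGNING_KEY, now: Time.now.to_i)
  fields = params.to_h { |k, v| [k.to_s, v.to_s] }
  sig = fields.delete("sig")
  return :missing_signature if sig.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", key, canonical(fields))
  return :tampered unless constant_time_eq?(sig, expected)
  return :expired if fields.fetch("expires", "0").to_i < now
  :ok
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample transaction data.
  form = sign_fields({ "order_id" => "A-1001", "amount" => "49.90" }, now: 1_700_000_000)
  puts verify_fields(form, now: 1_700_000_100)
  puts verify_fields(form.merge("amount" => "0.01"), now: 1_700_000_100)
end
```

The signature makes edits detectable but does not hide the values, and a signed form can be resubmitted until it expires unless the receiver also tracks which transaction ids it has already processed.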