Web Hosting Talk : Web Hosting Main Forums : Programming Discussion : Disable Javascript

[mr5]

I protect my page by Javascript.
Can visitore disable Javascript in IE or Netscape...?

Thanks for support.

[stdunbar]

Certainly in the Netscape series - Mozilla and Firefox. I think in IE also.

Don't bother. It won't work. See the great number of other threads on this topic - you cannot protect your HTML code from somebody who really wants to see it.

[luki]

This was posted recently, and it's quite good
http://www.vortex-webdesign.com/help/hidesource.htm

[mr5]

Ok, I think I can protect my HTML source code by many methods, example: use encrypt program...

#2 Question: now I don't need to protect my source code but I don't want visitors disable my Javascript, example I use Javascript to compel visitor input some fields... If they can disable Javascript I think I must check information inputed by visitors by server script like PHP or ASP. Notice that they can not save as my page and change HTML, Javascript code because I have also protect my page by Session (I use PHP):

<?
if(!isset($_SESSION['protect'])) exit(); //
...
?>

So if they save the web space, $_SESSION['protect'] will empty.

Thanks,

[desman]

You cannot protect HTML it’s just that simple…. No Right click’s, JS encryption, just doesn’t work. If somebody wants your images they will get it.

Some people code there own browsers (in house) to use get methods and pull your site down, images and HTML. The only thing they cannot access is the server side code unless they have root/ftp access.

[mr5]

Thanks, desman. But I think you don't understand what I mean.

Example, I have this file :

form.htm

Quote:

<html>
<head><title></title>
<script>
<!--
function validate(){
if (sendform.name.value == ""){
alert("Please input your name");
}
else sendform.submit();
}
</script>
</head>
<body>
<form method=post action="send.php" name="sendform">
<input name="name" type="text" id="name" size="40" maxlength="50">
<input type="button" onClick="validate()" value="Submit">
</form>
</body>
</html>

OK, they can save this file and change the code:

<input name="name" type="text" id="name" size="40" maxlength="100000">
<input type="button" value="Submit">

They also deleted onClick="validate()" to ignore Javascript.

My question here is: if they don't save the file, can they disable Javascript? I.e they can send the form without input any thing.

[Wullie]

Quote:

Originally posted by mr5
If they can disable Javascript I think I must check information inputed by visitors by server script like PHP or ASP.

So if they save the web space, $_SESSION['protect'] will empty.

JS can be used to validate without another hit to the server, but you should always double check the input with a server-side solution.

Have you tried saving the code, then opening a browser to the page while you submit the data? This should easily bypass your session check.

As has been mentioned, you cannot in any way protect your HTML or any other client-side language, other than creating your own browser or plug-in and forcing users to use that to see your site.

[mr5]

That means they can not "turn off" JS if don't save the page.

But I don't know why I must check the input with a server-side solution if I can protect my website with session. Because the PHP code "protect with SESSION" is too long so I can not post here, but it likes that:

// only one page to input info and send. test.php

PHP Code:

<?
session_start();
if($page=="send"){
if(isset($_SESSION['security']))
echo("Your name is $name"); 
else echo("false");
}
else {
$_SESSION['security']=1;
?>
<script>
<!--
function validate(){
if (sendform.name.value == ""){
alert("Please input your name"); 
}
else sendform.submit();
}
</script>
<form method=post action="[b]test.php?page=send[/b]" name="sendform">
<input name="name" type="text" id="name" size="40" maxlength="50">
<input type="button" onClick="validate()" value="Submit"> 
</form>
<? } ?>

I think this page is safe. Notice that $_SESSION[''] does not exist in a new browser's window, that means if you open another IE's window the $_SESSION[''] does not exist.

Try my test.php. While open the test.php, open another new window and input in address bar: test.php?page=send&name=Jame

You'll see: "false"

So however they can save the page but they can not harm my website

[stdunbar]

mr5,
Never, ever, ever trust what the client sends you. Yes, it's a pain to check all the input on the backend. Yes, Javascript can do some of that for you. I'd still encourage you to use Javascript for simple typos but you really don't want to trust the client.

[desman]

Oh ok sorry, your best bet is to validate server side, you won’t have a problem.

PHP Code:

ASP
Sub BindEvents()
    Set YourForm.YourField.YourEvents("OnValidate") = GetRef("YourForm_YourField_OnValidate")
End Sub

Function YourForm_YourField_OnValidate() 

    If CStr(YourForm.YourField.Value) = "" Then _
        YourForm.YourField.Errors.addError("You must enter a value")

End Function

-----------------------------
PHP
function BindEvents()
{
    global $YourForm;
    $YourForm->YourField->YourEvents["OnValidate"] = "YourForm_YourField_OnValidate";
}

function YourForm_YourField_OnValidate()
{
    $YourForm_YourField_OnValidate = true;

    global $YourForm;
    if (!strlen($YourForm->YourField->GetText()))
    {
        $YourForm->YourField->Errors->addError("You must enter a value");
    }

    return $YourForm_YourField_OnValidate;
}