This question already has answers here:
Why does Google prepend while(1); to their JSON responses?
(8 answers)
Closed 8 years ago.
Why is there a for(;;); preamble in facebooks JSON responses?
See this StackOverflow post: How to restrict JSON access?
In particular this comment within that thread: for/while loops in JSON responses
Basically this is used so that attackers can't get the URL and include it on their page and have JavaScript now put the variables on the page because as soon as the request has been serviced the browser will go into an infinite loop not allowing other JavaScrip access to said variables which would potentially allow attackers to use your browser to get information that is meant to stay private.
Basically this just runs an infinite loop when parsed. That way, the user's browser freezes (eventually providing a popup allowing the user to stop the script), and the data is never actually read. Hope this makes sense!
Related
This question already has answers here:
How do I hide javascript code in a webpage?
(12 answers)
Closed 12 months ago.
Is there a way I can stop people from seeing the Javascript Source code that includes the Server API key and server information?
No, there is not.
You can obfuscate and minify your code, but that doesn't help since your users can look at their browser's Network Inspector instead.
This question already has answers here:
HTTP GET request in JavaScript?
(31 answers)
Closed 6 years ago.
I want to send an async HTTP request from the HTML, parse a response, and update an HTML page respectively. Is there a way to do it without using AJAX or any other third-party library?
I'd like to find the most basic way to do this.
Since libraries can do it, it should be possible without them too.
Worth saying, that I'm a mobile developer who checks web development for a couple of days.
UPDATE 1
I didn't have to call AJAX a "third-party library". My bad.
UPDATE 2
Thanks everybody who responded. What I've learned: the only way to do what I wanted is AJAX, in particular, XMLHttpRequest.
There is no way without JS. The most basic way is to either use the new fetch() API, or good old XMLHttpRequest() link
This question already has answers here:
How to prevent your JavaScript code from being stolen, copied, and viewed? [closed]
(10 answers)
Closed 7 years ago.
I've developed web software that I would like to start leasing to companies.
It is a javascript program that works as module that only needs linked from their site to utilize.
What are the methods available to secure that the scripts only work for selected clients, paying customers?
I was thinking I could provide them with a code that would need to be verified in my database before printing out the javascript to their page, but after the first fetch they would gain access to the javascript which they could copy and thus never have the need to pay again..
Moving your business logic code to the server is the only reliable way.
Of course you could obfuscate your code and have it only work by fetching a token from your server, but that'll get cracked eventually and obfuscated code has a real performance cost.
This question already has answers here:
Is it possible to detect a visitor's browsing history using JavaScript or PHP?
(5 answers)
Closed 9 years ago.
Is possible read the browser history with Javascript? If the answer is Yes, how can I do it?
I want to read it and save it in a JS variable.
No. Other sites visited by a user are their business, not the business of every website they visit. Browsers do not expose that information to web sites.
Browsers go to pretty serious lengths to plug anything that could leak a user's history to websites
In general history is protected by the browser against javascript accessing it except through back and forward functionality.
Source From : Access my entire browsing history via Javascript
This question already has answers here:
How can I obfuscate (protect) JavaScript? [closed]
(22 answers)
Closed 9 years ago.
I want to have two separate files in JavaScript with the same name , can i do it in javascript ?
I want to expose only part of the code to the user and not all the file
(Do we have any concept on javascript like the c# partial classes ?)
Thanks
Shimon
In the Web Browser, all of the JavaScript code is interpreted locally on the user's machine. So for the Web Browser to be able to interpreted correctly it needs all of the source code. So the answer to your main question is "no".
The closest solution to your problem is doing some sort of obfuscation of the source code. When you do that, it makes the source code very hard for the user to read the source code, but the Web Browser can still interpret it.
To answer the last question, all objects in JavaScript can be extended like partial classes in C#.
Nope - you can't fully hide JavaScript from your end users. The users browser needs to be able to parse the code and as such the user will have access to it as well.
What you can try to is use some form of code obfusication. This will still allow the user's browser to parse the code but will make it very difficult for a user to read and understand what's going on.
That said, it's not impossible for a user to un-obfusicate the code and see the logic behind it - it is just another layer of security but by no means fool proof.