JavaScript – Security overwriting variable by user

I have a variable in JavaScript:
var userIp = '192.168.0.1';
However, the user can open the browser console and overwrite it:
userIp = '123.45.127.21';
How can I lock this variable so that the user can't change its value? Is it possible?

How can I lock this variable so that the user can't change its value? Is it possible?
No, it isn't. You can make it harder by making the variable not a global, but it's still not remotely hard.
Client-side code is completely and totally insecure. Users can change values of variables, modify code, completely replace the code, etc. They can also manipulate the page contents. Anything the client side sends to the server may be spoofed, and so the server has to treat everything it receives as potentially-compromised.

Related

Pass the value of a variable from subdomain to domain using localstorage

I have a task in which I need to transfer the value of a variable from a subdomain to a domain. I am using localstorage. I have a domain, and I have a subdomain, which means that each has its own script file, template file, etc.
In the subdomain script file, I write the following, i.e. I put the value of the variable into the localstorage cell:
/* subdomain script file */
localStorage.setItem("city_id", city_id);
In the domain script file, I am trying to get this value like this:
/* domain script file */
var result = localStorage.getItem("city_id");
console.log(result);
But the console displays undefined.
I have already worked with localStorage, and more than once. But one thing is not clear to me: if this is browser storage, then there should be no difference where you enter the value and where you try to get it (I'm talking about different script files).
Maybe I missed something, or I don't fully understand how localStorage works. If localStorage does not work that way, please tell me other methods of transferring the value of a variable from a subdomain to a domain, or vice versa. Thanks.

Can my JavaScript code be edited at runtime by (malicious) users?

Can my JavaScript code be edited at runtime by (malicious) users, even when it is uploaded in a web hosting site?
For example if I declare a variable in my script something like:
var myvalue = 2;
I want to know if it can be edited to:
var myvalue = 1;
Short answer: yes.
Anyone can open the browser's Developer Tools and change values, execute arbitrary code, remove or change or edit anything they like.
So if there is anything crucial in your application where an invalid value could cause a security or data validation issue, then, if that data (or data which is derived using that value) is submitted to the server, it must be re-validated using server-side code (which of course cannot be changed) before being accepted.
P.S. Bear in mind that any edits to the code or variable values will only persist until the next time the page is re-loaded. When the page is refreshed, the JavaScript and HTML files will be downloaded again from the server and all code and variable values are reset to their starting state. Assuming there are no other security vulnerabilities in your server, then a malicious user cannot edit the original source code files which are stored there. They can only change the copy which gets loaded into the browser.
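Both this answer and the one on overwriting `userIp` come down to the server using its own copy of a value instead of the browser's. The following is an added example, not part of either original answer, in Node.js-style JavaScript: the server takes the address from the connection and `myvalue` from its own session state, and only compares the browser's copies so that a mismatch can be logged. The function name `trustedValues`, the `sessions` store, the session id and the JSON body shape are assumptions made for the illustration.

```javascript
// Added example. Server-side state (constructed sample): the authoritative
// value for each session lives here, out of reach of the browser console.
const sessions = new Map([['sess-demo', { myvalue: 2 }]]);

// Decide which values to trust for one request.
//   peerAddress: address of the TCP peer as seen by the server
//   sessionId:   id from a server-issued session cookie (assumed to exist)
//   rawBody:     request body exactly as the browser sent it
function trustedValues(peerAddress, sessionId, rawBody) {
  const session = sessions.get(sessionId);
  if (!session) return { ok: false, reason: 'unknown session' };
  if (typeof peerAddress !== 'string' || peerAddress === '') {
    return { ok: false, reason: 'no peer address' };
  }

  let claimed;
  try {
    claimed = JSON.parse(rawBody);
  } catch (err) {
    return { ok: false, reason: 'body is not JSON' };
  }
  if (claimed === null || typeof claimed !== 'object' || Array.isArray(claimed)) {
    return { ok: false, reason: 'body is not an object' };
  }

  // The browser's copies are never used. They are only compared with the
  // server's values so that a mismatch can be logged.
  const trusted = { userIp: peerAddress, myvalue: session.myvalue };
  const mismatched = Object.keys(trusted).filter(
    (key) =>
      Object.prototype.hasOwnProperty.call(claimed, key) &&
      claimed[key] !== trusted[key]
  );
  return { ok: true, userIp: trusted.userIp, myvalue: trusted.myvalue, mismatched };
}

// Constructed sample bodies: an untouched page, and one edited in the console.
const honest = '{"userIp":"192.168.0.1","myvalue":2}';
const edited = '{"userIp":"123.45.127.21","myvalue":1}';
console.log(trustedValues('192.168.0.1', 'sess-demo', honest));
console.log(trustedValues('192.168.0.1', 'sess-demo', edited));
```

In a Node `http` handler the first argument would be `req.socket.remoteAddress`; behind a reverse proxy that is the proxy's address, so the client address has to come from a header that only the trusted proxy can set.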

Prevent browser from remembering JS variable after page refresh

I've looked at several questions asking how to remember the variable, but I'm having the opposite problem which is surprising to me.
My main.js file will have this:
console.log(name);
and I get nothing. If I try to log it in the console it returns undefined, that is expected,
now I create the variable like this:
var name = "Sandy"; //global variable
console.log(name); //returns "Sandy" which is also expected.
But now the unexpected happens. I remove the variable so we're back to this, and then I refresh the page:
console.log(name); //This returns "Sandy" still...
How is this happening and why? I thought it was cookies, so I tried it in incognito mode (Maybe I misunderstand incognito?) But it works exactly the same.
In order to make the variable go away I have to close down the browser and open up a new window.
After reading briefly about LocalStorage, cookies, and incognito, it sounds like cookies are the problem, but wouldn't I have to create the cookie manually?
It seems like the browsers should be forgetting the variables unless I explicitly set the variable to a cookie.
By declaring a global variable called name you are overwriting a window.name property, which doesn't reset on page refresh.
window is a built-in object, specific to each opened tab in a web browser and represents a containing document. You can read more about the window object here and more about its name property here.
You can also check what happens during execution of your code by logging window.name before and after you define your variable.
It's best to avoid using name as a variable in JavaScript code that runs in a browser. Set your variable to something else (that is not a reserved word or a property name of a built-in object) and your code will work.

How to achieve the role played by "public static variables of Java" in JavaScript or a webpage?

On my homepage I have to set a cookie using the name of the logged in user. The cookie set and get part has to be done in JS. On the subsequent sub pages I have to retrieve the cookie(username) using the set variable name.
How can I store the username/cookie name so that it is publicly accessible across all the pages? This username will obviously change with each new user and is not constant.
I have tried doing this using external JS file but in every new page the value is reset to default which I don't want.
The exact solution to my problem is like the work done by:
public static variable
in Java (not final). I want to achieve this in JS.
There is no such thing in Javascript unless you use a storage API (client side storage, or cookies, or something like that). The reason is that when you move from one page to another, it doesn't particularly matter to the browser. It wipes its slate and starts over, keeping explicitly stored data like cookies and such, and deleting everything else that is dynamically created. So the short of it is, if you want each page to know the name, you have to include the name in each page's code (manually or via script).
I don't quite know your application. In javascript you have function prototypes. In a function prototype you can declare 'static' members like so:
function C(/* params for constructor */) {
  // constructor body
}
C.aStaticVariable = 5; // stored on the function itself, not on instances
alert(C.aStaticVariable); //available everywhere

what happens to javascript variable after a call to the server?

I just began to learn JavaScript, so here is a silly question:
What happens to a javascript variable after a call to the server? Are all the variables wiped out?
I read somewhere that javascript variable in ajax can act like session or cookie. Is that true?
All of the run-time state is reset whenever the browser does a page-load, such as navigating from foo.com/bar to foo.com/baz. This includes all JavaScript variables, as well as the current DOM. However, asynchronous calls to the server, such as XHR, do not affect run-time state, and all JavaScript variables will stay.
If you'd like to preserve values between page-loads, you can use cookies or localStorage.
It depends on what scope the variable is in. Also, Ajax is different than submitting a page, so your variables are persisted.
