I have a question about SSJS.
With SSJS, is it possible to hide code from the user?
Other ServerSide languages like PHP aren't viewable in the source because they are processed before the client side, the browser
A little example of what I want:
<html>
<head>
<script runat="server">
function getPassword(){
var password = "myPass";
return password;
}
</script>
</head>
<body>
<script>
alert(getPassword());
</script>
</body>
</html>
I tested this, but the password is still viewable
Am I doing something wrong so that my example is simple CSJS or is it impossible to hide SSJS-code?
Adhering to the wise words of T.J. Crowder, your file could be a classic .asp file on a windows based host (so a file with the extension .asp), looking like this:
<% #language=ecmascript %>
<%
function getPassword(){
var password = "myPass";
return password;
}
%>
<html>
<head>
</head>
<body>
<script>
alert('<%=getPassword()%>');
</script>
</body>
</html>
Or more in line with your style it could look like:
<script language="jscript" runat="server">
// mind the 'language' property, it is required.
// The script tag doesn't have to be
// in the header of the html-document.
function getPassword(){
var password = "myPass";
return password;
}
</script>
<html>
<head>
</head>
<body>
<script>
alert('<%=getPassword()%>');
</script>
</body>
</html>
Both ways the server side scripting will not be visible in the page source. Aside: <%=...%> can be viewed as shorthand for Response.Write(...)
For other hosts, check your provider or the wikipedia list given in David Dorwards answer
Yes, your server-side code can be hidden from the user, exactly as with any other server-side language. You have to serve the relevant HTML file via a server that understands server-side JavaScript, and you have to configure that server correctly (by default, .html files probably aren't going to be pre-processed; typically HTML files with server-side code would have a different extension, such as .shtml, .asp, .aspx, etc., depending on the platform on which you're running them; although of course with proper configuration you can have anything handled correctly). If you were able to see the code above via a web browser, then you've missed out one of those steps.
Note that server-side JavaScript will have the benefits, and disadvantages, of any other server-side language. You can't (for instance) do any scripting of the client's browser with any server-side language, which is why you see so much client-side code around. (Perhaps that was obvious. :-) )
Any server side JavaScript will only be available on the server but, just as you need to run PHP through a PHP engine before sending it to the client, you have to run SSJS through a JS engine before sending it on.
You can find a list of such engines at Wikipedia, although node.js is probably the most popular at present.
runat="server" is, IIRC, an ASP.NET construct. If you want to go down that route, you'll need to be using ASP.NET for a start. I've no idea if the syntax you have is right though.
Related
In my html document (which is in the xampp/htdocs directory), I'm using an external .js file. The .js file is in the same directory as my html file. I'm simply trying to use document.write() function and it's not printing anything.
I don't understand what I'm doing wrong. Whats the issue?
HTML file
<!DOCTYPE html>
<html>
<head>
<?php include 'include/head_elements.html'?>
<script type="text/javascript" src="register.js"></script>
</head>
<body>
<h1>Company Account creation</h1>
<div id="registration_menu">
<!--Elements are added and removed dynamically using JS-->
</div>
<script>
hello();
load_element_group("email_verification");
</script>
</body>
</html>
JS file
function hello(){
document.write("Hello world")
}
Internet Explorer's security policy may block certain scripts from running on a local machine.
There are ways to avoid this -- such as by adding the XAMPP website as a trusted location -- but often this gets tricky since the default "Intranet Zone" is auto-configured on a PC and modifying that can have other consequences (different zones assume different settings, such as passing NTLM credentials to local websites).
See also https://stackoverflow.com/a/7038775/3196753
A quick fix often is to add the fully qualified domain name (FQDN) to the URL, but depending on the zone settings, this may still cause issues.
A final solution, and one many developers fall back on, is to actually use a registered DNS address, such as http://localtest.me/, which points back to localhost and should use the "Internet Zone".
As Chris G points out in the comments, this isn't typical. Normally localhost can be used without issue so I've provided an example Local Intranet setting which can cause this:
I have a simple website with some basic scripts just like this:
<html>
<head>
<title>Welcome to my website but a user can view page source --oops</title>
<script>
//some basic javascript codes i used to build the website
</script>
</head>
<body>
<p>More contents on the actual implementation of the website.<p>
</body>
</html>
Is there a way I can use server side processing technique to cluster the contents of view page source as I have tried using javascript bt no substantial outcome. Please assist!
You can't hide javascript, html, or css from users. You can proccess out in server like php some code but you need to return html. The only way to complicate user's reading of your code, you try minimize javascript/css/html code. YUI compressor can help you:
http://refresh-sf.com
This makes your code more difficult to read, but the behaviour is the same.
Good luck.
I'm working with classic asp on server including the javascript file in the document like this:
<!--#include virtual="datoteke/jsPDF-master/jspdf.js"-->
...when i run my file on server, browser prints all the comments from included files to the screen. I tried to include it also like this:
<script type="text/javascript" src="jsPDF-master/jspdf.js"></script>
...it worked on localhost, but on server it doesn't, i get an error when i create an instance to the class in my javascript file: "[object Error]"
Why is it printing all those comments to the screen and how do I actually include javascript on server side? What did i do wrong?
The browser looks for JavaScript code in <script> tags. Your first statement does not seem to include those tags at all. I guess you want something like this:
<script type="text/javascript">
<!--#include virtual="datoteke/jsPDF-master/jspdf.js"-->
</script>
You should also know that the virtual directive makes a subrequest to load the file through the web server, which I suspect don't need/want. Give file a try.
Edit: There's a quite nice article about SSI in Wikipedia. Please note that IIS supports Server-Side Includes but it isn't related to ASP Classic at all.
I have a thttpd server set-up which has the following html file. When I give address server-address/file-name.html on a standard web browser errors on the script is logged in error console of browser. I am confused about where the script is run actually? Is it on the client side or are the error messages just passed on to browser by server?
My requirement is to run script on a server to generate dynamic web pages upon client interaction.
<html>
<head>
<title>Entitled Document</title>
<script language="JavaScript" >
Function Java_Scriptfn()
{
alert('Test'
}
</script>
</head>
<body>
<input type="button" value="Script_Check" onclick="Java_Scriptfn()">
</body>
</html>
That is purely client side code, so it runs on the client.
As far as I can tell, thttpd only supports server side programming via CGI.
JavaScript that is embedded in a HTML site (either inline or load from another file) is always executed client-side (that means in your browser).
If you want it to be executed, server-side, you need something like node.js.
It's client side code; any Javascript files included in an HTML page will run client-side (although they can talk to a server, that's different).
Can I write ASP code in a .js file. Or if there is any way through which I can update database in a .js file.
Technically, yes.
You need to add the js extension to IIS and the web.config file:
<system.web>
<httpHandlers>
<add verb="*" path="*.js" type="System.Web.UI.PageHandlerFactory"/>
</httpHandlers>
The other option (which I recommend) is request an .asp file, like this:
<script type="text/javascript" src="yourASPfile.asp"></script>
And yourASPfile.asp would send a javascript header:
<%
Response.ContentType = "application/x-javascript"
%>
Although technically, you don't need to set the header.
Now you can write asp/javascript and it gets parsed by the server THEN delivered to the browser to be used.
If you mean that you want to use server-side scripting to generate your .js files, Dan's answer helps you there.
If you mean you want to use Javascript as your server-side ASP language, yes, you can do that. You can set it up by configuration (changing the default langauge from VBScript to JScript), or you can do it explicitly per-file. I do the latter, just because the overwhelming assumption is that .asp pages are written in VBScript. Here's an example:
<%#Language=JScript%>
<!DOCTYPE HTML>
<html>
<head>
<title>Example Javascript ASP Page</title>
</head>
<body>
<%
var hello;
hello = "Hello from Javascript!";
Response.Write("<p>" + hello + "</p>");
%>
</body>
</html>
I do this in any Classic ASP app I write, because that way I'm using the same language on the client and the server. I frequently code up a piece of abstract functionality that ends up being in both places (via includes). Very efficient. :-)