12-19-2005, 10:00 PM
I like having scripts external, but I wonder about the security of internal anyway. Someone could save and change the HTML, right? But is that possible with an external script? I always thought not (unless there was an error), until a person on this forum was able to grab the script I was working with at the time. No problem with that, but it brings up the question in my mind about security in general surrounding java-script.
any suggestion are appreciated!
12-19-2005, 10:20 PM
12-19-2005, 10:30 PM
Even an external script can be downloaded?
12-19-2005, 10:32 PM
Yep, it gets cached but the user could view the source navigate to the js, file save as, its saved. js is parsed as text in Firefox. If you have Firefox type the location of your js file into your browser, it will show as text, if you do it in IE it will try to download it.
12-19-2005, 10:40 PM
Thanks. I did not know that. So I guess it makes no difference, as far as security goes anyway, whether your script is internal or external.
12-20-2005, 09:52 PM
12-21-2005, 08:29 AM
Might I ask whether it is possible for a user (customer) to modify a script which is in use, for example, an order form calculates shipping costs based on quantity/destination (say result is $20), could a user alter the calculation to result in (say) $2, and then submit the form? Or otherwise change the prices?
12-21-2005, 09:19 AM
A user can change anything on their own system.