1

First of all, I'm not sure if this is javascript injection. I have a code like this:
<a onclick="requestPage('/abc.php')" href="#" style="margin-left: 10px;"> <i class="fa fa-angle-double-right"></i> Add Member </a>
There is a call as you can see "requestPage". There are many links like this and when they are clicked, they send a parameter to this function. Now, when you right click this element and see the code in the console, you can change it obviously and make it go to another page instead of the page that was meant to be sent.

Another problem is, when you open the console and put any javascript code in between script tags or in any function, it executes that.
How do I prevent all this?

Improve this question
4
  • 1
    "How do I prevent all this?". You can't. User will always be able to do something in console, change you HTML, etc. Just make sure app handles permissions and session properly. Server side is very important in this case. Commented Mar 14, 2015 at 11:14
  • 1
    You can't prevent people from using the tools in their web browsers. If somebody wants to execute code on their own computer, they're allowed to do that. Commented Mar 14, 2015 at 11:21
  • David, I'm trying to prevent people from executing their own code using MY website. Commented Mar 14, 2015 at 11:38
  • @bladla — You're trying to prevent people from executing their own code using THEIR browser. Your site might have sent a page to their browser, but it's in the browser (not your server) when they execute their JS. Commented Mar 14, 2015 at 11:47

1 Answer 1

Reset to default
1

There is no way to prevent any kind Client-side changes to happen. The only place you have full control over is your Server Code.

But those client-side changes you speak of are only applying to one client, and not globally, which means that as as long as your server logic is secure you don't have to fear anything from that.

Maybe this will help you understanding: Wikipedia: Client/Server

Cheers!

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Putting all script code in another .js file, would that work for me?
@bladla No, it won't. You simply can't avoid it and that's it. It might make it slightly harder, though.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.