Page 1 of 1
Javascript/PHP
Posted: Fri Feb 02, 2007 3:33 pm
by tecktalkcm0391
Is there a way to send a value on a page in PHP into an included javascript in the html in the form of
Example:
Code: Select all
<script src="displayname.js"></script>
Posted: Fri Feb 02, 2007 3:55 pm
by xinnex
Just request the php-file as if it was a normal javascript-file.
Code: Select all
<script type="text/javascript" src="name.php"></script>
name.php:
Code: Select all
<?php
$name = 'Chris';
?>
window.alert('<?php echo $name?>');
Posted: Fri Feb 02, 2007 7:38 pm
by tecktalkcm0391
That's not exactly what I was looking at doing. I wanted to make it so that the variable on page1.php was passed to page2js.php somehow... and then then javascript output was used
Posted: Sat Feb 03, 2007 5:31 am
by xinnex
I'm not quite sure I follow that..
Why would you want to send the variable to a second page?
Posted: Sat Feb 03, 2007 12:54 pm
by tecktalkcm0391
I was trying to get it there so that I can use it to protect the Javascript, but I got it.... to work.... I've figured out the fool proof [to me atleast] to protecting javascript files.
Posted: Sat Feb 03, 2007 1:10 pm
by nickvd
No you didnt
It's not possible to secure any scripted language, as the browser (or server) needs to read the un-obsfucated source code to run the script. What you did is make it (a little bit) tougher to get the source.
Think of it like car alarms. They won't stop your car from being stolen, but they will reduce the chances a little. Ultimately if they want your car, they will take it, nothing can stop someone who is determined enough.
Posted: Sat Feb 03, 2007 4:18 pm
by tecktalkcm0391
Well what I did allows the browser to read the code... and as soon as it does block the user from going to the location of the javascript code... and the code isn't cached so it no were to be found. Can users really still get the code?
Posted: Sat Feb 03, 2007 7:34 pm
by feyd
Absolutely possible.
Posted: Sun Feb 04, 2007 1:35 pm
by tecktalkcm0391
May I ask how? And if anyone wants to try... I posted a test here...
http://tecktalkcm0391-testingphp.awards ... y_test.php
All the javascript code does it alert("PASSED"); to show that the code has been run, but I have a line that has /* the code is ... */ and if someone can find out the line, can you please let me know, cause I can't figure out how, meaning that I think the javascript might actually be "secured" to some length.
Nothing can stop someone to view you javascript code
Posted: Sun Feb 04, 2007 2:58 pm
by boba
Hey, tecktalkcm0391
The most easy way to view JS source - FireFug plugin for FireFox
I've just spent 15 secs to view your JS source.
nickvd was right, browser has to receive valid JS, and if it does then smart man can view it without any problems
Code: Select all
alert("PASSED");
/* This is the code: z3nacrEsp7 */
Everything you can do - obfuscate your JS code, it will be hard to read it but it doesn't mean that nobody can!
Posted: Sun Feb 04, 2007 3:03 pm
by feyd
Yeah "z3nacrEsp7" was easy to pull out. Web developer plugin has "view Javascript" which will show you the Javascript for the page.

Even obfuscation wouldn't be much of a barrier.
If the browser can read it so can the user without too much trouble.
Posted: Sun Feb 04, 2007 3:12 pm
by boba
One more question, tecktalkcm0391. What for are you going to hide your JS?

Posted: Sun Feb 04, 2007 3:13 pm
by alex.barylski
The best thing you can to protect your JS source would be to obfuscate and store everything in a single monolithic function...most people would give up and just try and re-implement...
At least I would - unless you had some wicked algorithm or technique which I couldn't figure out...
Honestly though, most of what you can do in PHP or JavaScript can easily be replicated by any mediocre developer...there is little use in trying to protect such code...if it's that unique, apply for a patent - thats your best form of IP protection...
Just my 2 cents
