How secure is jquery/javascript?

Discuss the many weaknesses of browser security and ways to mitigate the threat

How secure is jquery/javascript?

Post by Billh93 on Mon Jan 07, 2013 9:33 pm
([msg=72117]see How secure is jquery/javascript?[/msg])

How secure is jquery/javascript? For example, I want to incorporate some of the cool effects that jquery has to offer when users submit there data etc. However, I am going to use php for transporting data so am I safe by doing this? I know js can be disabled so will users still be able to send data even when js is turned off?? Thanks!
Billh93
New User
New User
 
Posts: 15
Joined: Sun Nov 27, 2011 5:26 pm
Blog: View Blog (0)


Re: How secure is jquery/javascript?

Post by WallShadow on Tue Jan 08, 2013 12:42 am
([msg=72125]see Re: How secure is jquery/javascript?[/msg])

With javascript/jquery, you must assume that the user has access to everything he is given. If you give him a fancy login screen, he has the ability to mod/hack the js to his hearts content. So if you are securely processing the data you receive from the user server-side (along with proper filtering of course), then you can feel free to do anything fancy like effects with js. If js is disabled, then anything that you make based on js won't work, but html elements still work, so a <form> tag will still work as intended. You may want to also use the <noscript> tag which displays html when js is disabled.
User avatar
WallShadow
Contributor
Contributor
 
Posts: 614
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: How secure is jquery/javascript?

Post by Billh93 on Tue Jan 08, 2013 2:59 pm
([msg=72134]see Re: How secure is jquery/javascript?[/msg])

Okay, cool. Where should I put the no script tag? Do i put it before the html or body tag? and is there a function for php that checks if javaScript is turned off? For example
Code: Select all
if(typeof Javascript === false)
{
//run this code
}
else
{
//run jsScript
}
Billh93
New User
New User
 
Posts: 15
Joined: Sun Nov 27, 2011 5:26 pm
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests