堆栈内存溢出
  简体   繁体   English

使用注释来解释Javascript中的功能是否“安全”?

[英]Is it “safe” to use comments to explain the functions in Javascript?

 原文  2014-07-04 18:28:16       javascript/ security

问题描述

Is it "safe" to put comments explaining the functions of the script in Javascript ? 在Javascript中添加解释脚本功能的注释是否“安全”? (Visible inside the public script) (在公共脚本中可见)

Given that every users can read and modify the "Javascript", does the fact of using comments directly in the script could be dangerous ? 既然每个用户都可以阅读和修改“ Javascript”,那么直接在脚本中使用注释的事实是否会很危险?

Because if I was a "hacker" and wanted to find an exploit, I think comments in the script explaining all the functions would make my life easier... 因为如果我是一个“黑客”并想找到一个漏洞利用程序,那么我认为脚本中解释所有功能的注释将使我的生活更加轻松...

6 个解决方案

解决方案1
 8 已采纳  2014-07-04 18:29:48

Skilled hackers don't need any comments. 熟练的黑客不需要任何评论。

You can never rely on anything on the client for security; 您绝对不能依靠任何客户端来保证安全性。 all security boundaries must be verified on the server. 必须在服务器上验证所有安全边界。

解决方案2
 2  2014-07-04 18:30:22

In my opinion, no ...it's not safe. 我认为不,这不安全。 It's really up to you and your specific situation. 这完全取决于您和您的具体情况。 I bundle and minify personally, which removes those comments. 我将其打包并缩小,以删除这些评论。

解决方案3
 1  2014-07-04 18:31:08

It depends on really what your program or script is designed to do. 这实际上取决于您的程序或脚本的设计目的。 If it is a script that deals with secure information or data storage then the code itself should not be able to be modified by every user. 如果它是处理安全信息或数据存储的脚本,那么该代码本身不应被每个用户修改。 Users designed to use the program should have access only to running the program. 设计为使用该程序的用户应该只能访问运行该程序。

解决方案4
 1  2014-07-04 18:31:28

您可以在javascript代码中添加所需的任何注释,但请确保将文件缩小(删除注释),并使不可缩小的文件不可访问

解决方案5
 1  2014-07-04 18:35:32

There is no expectation of your source code being secure client side. 我们不希望您的源代码是安全的客户端。 Anyone can view your html, css, and javascript files if they wanted to. 任何人都可以查看您的html,css和javascript文件。 Instead, focus on making sure that data flow is secure between client and server. 相反,应着重确保客户端和服务器之间的数据流安全。 For example, use https when dealing with passwords, credit card numbers, and other sensitive information. 例如,在处理密码,信用卡号和其他敏感信息时,请使用https。

解决方案6
 1  2014-07-04 19:46:35

You can add as much comments as you want. 您可以根据需要添加任意评论。 Adding a comment behind a function is not going to cause any trouble and will give you a better view on how you script works. 在函数后面添加注释不会造成任何麻烦,并且可以使您更好地了解脚本的工作方式。 I personally add comments to my scripts ofter, because then I can tell easier what the function does. 我亲自在脚本中添加注释,因为这样我就可以更轻松地知道该函数的作用。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Javascript解释“ this”的用法 - Javascript explain the use of 'this' 使用javascript重定向安全吗? - is it safe to use javascript redirects? 使用||是否安全 而不是如果? - JavaScript - Is it safe to use || instead of if? - JavaScript 有人可以解释这些JavaScript cookie函数吗? - Can someone explain these JavaScript cookie-functions? 为什么在JavaScript注释中使用'@'-@param - Why use '@' in JavaScript comments - @param 使用PHP交付JavaScript是否安全? - Is it safe to use PHP to deliver JavaScript? 使用JavaScript sha1安全吗? - Is it safe to use a javascript sha1? 这是使用Javascript eval()100%安全吗? - Is this use of Javascript eval() 100% safe? 在Javascript中奇怪地使用“for”循环,请解释 - Strange use of “for” cycle in Javascript, please explain Javascript:对象和函数…有人可以解释为什么这行不通吗? - Javascript: objects and functions … Can someone explain why this wont work?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM