如何隐藏 JavaScript 中的变量值?
[英]How do I hide a variable value in JavaScript?
问题描述
I am currently working on a JavaScript project and know that JavaScript source code is accessible through the browser.
我目前正在做一个 JavaScript 项目,并且知道 JavaScript 源代码可以通过浏览器访问。 In the code, I have a variable that stores a secret string that is used by the program.在代码中,我有一个变量存储程序使用的秘密字符串。 However, I do not want others to view the source code and find out the value of this variable.但是,我不想让别人查看源代码,找出这个变量的值。 Is there a way to hide the value of a variable?有没有办法隐藏变量的值? Or is it possible to change the variable value after?还是可以在之后更改变量值? For instance, change the actual source code to set the variable to a different value?例如,更改实际源代码以将变量设置为不同的值? This variable is only used the first time an image is loaded so it would be okay to remove it altogether if that is possible.此变量仅在第一次加载图像时使用,因此如果可能的话,完全删除它也是可以的。
5 个解决方案
解决方案1
1 2015-03-06 01:14:54
Javascript is run on the client, so I don't think this is going to possible. Javascript在客户端上运行,所以我不认为这是可能的。 Anything that you need to be kept secret is going to need to be server side. 你需要保密的任何东西都需要服务器端。
解决方案2
1 已采纳 2015-03-06 02:16:02
You cannot hide JavaScript content from a programmer. 您无法向程序员隐藏JavaScript内容。 They can always open the developer console and get all your variables. 他们总是可以打开开发人员控制台并获取所有变量。
What's worse, they can use said console to directly bypass any JavaScript validation, so it cannot be your primary security. 更糟糕的是,他们可以使用所述控制台直接绕过任何JavaScript验证,因此它不能成为您的主要安全性。
If it is something you must hide or secure against, you must look into a server side solution. 如果您必须隐藏或保护它,您必须查看服务器端解决方案。
解决方案3
0 2015-03-06 01:26:06
JavaScript is client side, and there isn't really anyway to hide the code. JavaScript是客户端,并且实际上没有隐藏代码。
What you can do: Prevent common users from seeing it (aka making it harder to find) 你能做什么:防止普通用户看到它(也就是说更难找到)
My suggestion is to encrypt the data using some sort of cipher (preferably not an online encryption tool). 我的建议是使用某种密码加密数据(最好不是在线加密工具)。 This stops most lazy people from seeing it. 这可以阻止大多数懒人看到它。
(Assuming no one is actually trying to find this mysterious value) (假设没有人真正试图找到这个神秘的价值)
解决方案4
0 2022-05-08 08:55:18
What you ask is impossible at the moment.你问的是目前不可能的。
But there's a JavaScript proposal Function implementation hiding , which – as the name suggests – hides function implementation from being observed.但是有一个 JavaScript proposal Function implementation hiding ,顾名思义,它隐藏了 function 实现不被观察到。 The proposal originated in mid-2019, and is in stage 2 (out of 4) at the moment.该提案起源于 2019 年年中,目前处于第 2 阶段(共 4 个阶段)。 I personally doubt that it will ever be part of the standard, but if it does, in theory you could hide the secret inside of the body of a hidden function:我个人怀疑它是否会成为标准的一部分,但如果它成为标准的一部分,理论上你可以将秘密隐藏在隐藏的 function 的主体内部:
function fetchData() {
"sensitive"; // ← the proposal
const SECRET = "VGhlIG1lc3NhZ2UgaXM6IFIyeHZjbmtnZEc4Z1ZXdHlZV2x1WmZDZmg3cnduNGVt";
return fetch(DATA_URL, {
headers: {
"Authorization": `Bearer ${SECRET}`,
},
});
}
The SECRET variable cannot be inspected through debugger or through fetchData.toString() .无法通过调试器或通过fetchData.toString()检查SECRET变量。 However, the value of Authorization header is visible in a.network tab in console, so the whole thing is inappropriate for this use case.但是, Authorization header 的值在控制台的 a.network 选项卡中可见,因此整个事情不适合此用例。
解决方案5
-2 2015-03-06 01:14:44
一个解决方法是使用Ajax从另一个页面获取值,如PHP文件。
解决方案6
-2 2022-05-08 08:17:55
Well, you can just put the entire code into one function and then execute it after that in the same script.那么,您可以将整个代码放入一个 function 中,然后在同一脚本中执行它。 That helped me.那对我有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.