如何防止客户端用户更改onClick函数中的参数?
[英]How to prevent the clientside user from changing arguments in an onClick function?
问题描述
I just realized while testing an onClick function with firebug that it would be really easy for a user to change the value of the arguments being passed. 
我刚刚在使用firebug测试onClick函数时意识到,用户很容易更改传递的参数的值。 This could mess thins up. 这可能会弄得很糟糕。
Is there any easy way to prevent this, especially when arguments need to be passed? 有没有简单的方法来防止这种情况,特别是当需要传递参数时?
5 个解决方案
解决方案1
4 已采纳 2012-05-03 12:13:04
It is impossible. 是不可能的。 The code is executing on the user's computer. 代码正在用户的计算机上执行。 They are in control. 他们掌控着。
If they edit it and "mess it up", then that is on their head. 如果他们编辑并“弄乱”,那就是他们的头脑。
If they edit it and it submits an HTTP request to your server, and your server allows (for instance) that request to delete data belonging to another user then the problem is that your server didn't check that the user submitting the request had permission to delete that data before following through. 如果他们编辑它并向服务器提交HTTP请求,并且您的服务器允许(例如)该请求删除属于另一个用户的数据,那么问题是您的服务器没有检查提交请求的用户是否具有权限在完成之前删除该数据。
解决方案2
4 2012-05-03 12:15:33
You cannot trust anything sent from the client. 您无法信任从客户端发送的任何内容 。 The user might hand-edit the URL arguments, or a script kiddie could send you a request not even using a browser at all. 用户可以手动编辑URL参数,或者脚本小子可以向您发送甚至根本不使用浏览器的请求。 You must validate everything server-side. 您必须验证服务器端的所有内容。
解决方案3
3 2012-05-03 12:15:02
No, this simply can't be done. 不,这根本无法完成。
Once the script is loaded to the client's machine. 将脚本加载到客户端的计算机后。 He can use/modify it, as he wants. 他可以按照自己的意愿使用/修改它。
解决方案4
1 2012-05-03 12:14:18
I'd recommend validating the arguments against expected set of values, and/or business rules wherever the results are being processed (client/server). 我建议在处理结果的任何地方(客户端/服务器)验证针对预期值集和/或业务规则的参数。 Ideally validation checks happen on the server where the user has no control. 理想情况下,验证检查发生在用户无法控制的服务器上。 Validation on the client side could even be modified to allow invalid data entry. 甚至可以修改客户端的验证以允许无效的数据输入。
There is no way to completely control it - only validate it based on criteria. 没有办法完全控制它 - 只根据标准验证它。
解决方案5
0 2012-05-03 12:46:11
You can't prevent this action because JavaScript is a client side . 您无法阻止此操作,因为JavaScript是客户端。 Also you can never trust the client . 你永远不能相信客户。
You should make a validation for any request at server side to protect your data against client misuse . 您应该对服务器端的任何请求进行验证,以保护您的数据免受客户端滥用。
you can somehow make it hidden from client eyes 你可以以某种方式使它隐藏在客户眼中
by using .delegate() 通过使用.delegate()
EX. EX。
$("table").delegate( "td","click", function() {<br>
// write here your function<br>
});
The client can execute this script but it isn't direct in front of his eyes .. 客户端可以执行此脚本但不是直接在他眼前。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.