in reply to How to hide JAVASCRIPT coding from CGI?

JavaScript is run by the client side. You can obfuscate it, but you can never remove it entirely, or the client doesn't have it so that it can run. You can move it to a seperate file, and link it in, if you wish, but it must be accessible to the browser that you expect to run it.

If you don't want the brower to know your validation rules, you'll need to do it on the server side, which results in multiple round trips, and potentially more complicated overall code, and potentially a reduced user experience. Of course, I don't trust the user to have JavaScript on in the first place, so the more complicated overall code is a moot point, if you're paranoid as well.

  • Comment on Re: How to hide JAVASCRIPT coding from CGI?

Replies are listed 'Best First'.
Re^2: How to hide JAVASCRIPT coding from CGI?
by Fletch (Bishop) on Mar 14, 2005 at 15:40 UTC

    Right, JS validation should be to save a round-trip to the server and back not as a replacement for sanitizing on the server side. Trusting something a user sends you is just asking for trouble.

[reply]

In Section Seekers of Perl Wisdom