Script47 Posted September 21, 2013 Share Posted September 21, 2013 I was wondering what are the best method(s) to secure user input using Javascript? Quote Link to comment Share on other sites More sharing options...
Dave Posted September 21, 2013 Share Posted September 21, 2013 I was wondering what are the best method(s) to secure user input using Javascript? What if a user disables Javascript? Then they've basically disabled your security. Your security should really be handled by the server, not the users browser. Quote Link to comment Share on other sites More sharing options...
Script47 Posted September 21, 2013 Author Share Posted September 21, 2013 What if a user disables Javascript? Then they've basically disabled your security. Your security should really be handled by the server, not the users browser. I was thinking this so if you have a JS game, you would always need server side checks right? Quote Link to comment Share on other sites More sharing options...
Dave Posted September 21, 2013 Share Posted September 21, 2013 I was thinking this so if you have a JS game, you would always need server side checks right? Depends on what style of game you have. If you've built a game that stores users data which being manipulated could allow users to cheat, then you'll need to conduct the checks before you save them on your server. Quote Link to comment Share on other sites More sharing options...
Script47 Posted September 21, 2013 Author Share Posted September 21, 2013 So is there no way to actually use JS to secure it? Quote Link to comment Share on other sites More sharing options...
Dave Posted September 21, 2013 Share Posted September 21, 2013 So is there no way to actually use JS to secure it? You could do validation checks but as far as actually securing any inputs it could easily be disabled and bypassed. Define what you mean by securing? What are you doing with the data? Quote Link to comment Share on other sites More sharing options...
Script47 Posted September 21, 2013 Author Share Posted September 21, 2013 I mean, you know how you get htmlspecialchars() strip_tags() in PHP is there things like that in JS? Quote Link to comment Share on other sites More sharing options...
a_bertrand Posted September 21, 2013 Share Posted September 21, 2013 You can certainly do checks however your users will be able to skip all the possible JS checks if they want. While if you run checks on the server, nobody will be able to avoid them, unless you leave some holes. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.