Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to prevent the changing of a variable value in Javascript [duplicate]

Is there a way to declare a static of final value in javascript so that it cannot be altered by a 3rd party?

What I have is a article sharing application, with free users being ad supported. What I wish to do is prevent the free users from altering the innerHTML content by altering the storage variable for the content.

What I have at this moment is a timer that reloads the innerHTML of the article on user website every 5 seconds and I'm storing the value for the reload in a variable.

However, if a genius using jsbeatify explores which variable holds the key to removing the ad and alters that, we lose revenue and exposure of our products.

How to prevent the altering of the internal variable?


UPDATE

This is the end result of what I came up with:

http://jsfiddle.net/PgdYP/1/

<div id="specialdiv"></div>
<input type="button" value="try to change the function i to do something different" onclick="t.i = function(){alert(data.secret);}"><BR>
<input type="button" value="set function to null out of spite" onclick="t=null;">

 <script type="text/javascript">
    e = function(){var data = { };
    Object.defineProperty(data, 'secret', {
       value: "Hello world!",
       writable : false,
       enumerable : true,
       configurable : false
       });this.z=function(){window.setTimeout("try{document.getElementById('specialdiv').innerHTML =   '"+data.secret+"';t.i.z();}catch(err) {document.body.innerHTML=err;}",5000);}}
        g = function(){};
        g.prototype = new e();e=null;window.t = {}
        Object.defineProperty(window.t, 'i', {
        value: new g(),
        writable : false,
        enumerable : false,
        configurable : false });g = null;
        window.t = Object.freeze(window.t); t = Object.seal(window.t);
        t.i.z();
    </script>

This will be presented in packed format, just to make it harder just to copy the code out of the source. This way the effort to simply copy and paste the code out will be maximized and will be very hard to automate.

Thank you all for your answers.

like image 673
Tschallacka Avatar asked Oct 25 '12 08:10

Tschallacka


People also ask

How can you prevent a variable from being changed?

You can assign a value to a ReadOnly variable only once. Once you do so, no code can ever change its value. If you do not know the value at compile time, or cannot compute it at compile time in a single statement, you can still assign it at run time in a constructor.

Which is used to prevent changing the reference of a variable?

const is a keyword constant in C program.

Can I declare a variable twice in JavaScript?

You can't declare the same variable twice at the same level: assert.


1 Answers

Yes, there is. At least for object properties, ES5 gave us the possiblity to alter the property descriptor flags by hand. So we can do that like

var data = { };

Object.defineProperty(data, 'secret', {
    value: 42,
    writable : false,
    enumerable : true,
    configurable : false
});

That way, we created a property secret with the value 42 within data, which cannot get modfied nor deleted.

The caveat here is, that the genius (like you called it) will also be able to spot this code and just modify that, to again be able to change the content if he wishes to. You just can't create a secured front-end javascript in that way. The code will always be available as plain-text for everybody.


To make this more complete, you can also create an object and freeze it at some point, using Object.freeze() and/or Object.seal() to shutdown the option for enumerating, deleting and modifying on properties of an object.

But again the word of caution: This is intended to affect your own code or foreign code, to prevent modifications by accident or on purpose at run time. There is no way to stop a developer since he can simply halt the execution of your script, before this even can take affect.

like image 168
jAndy Avatar answered Sep 28 '22 07:09

jAndy