Is there a way to declare a static of final value in javascript so that it cannot be altered by a 3rd party?
What I have is a article sharing application, with free users being ad supported. What I wish to do is prevent the free users from altering the innerHTML content by altering the storage variable for the content.
What I have at this moment is a timer that reloads the innerHTML of the article on user website every 5 seconds and I'm storing the value for the reload in a variable.
However, if a genius using jsbeatify explores which variable holds the key to removing the ad and alters that, we lose revenue and exposure of our products.
How to prevent the altering of the internal variable?
This is the end result of what I came up with:
http://jsfiddle.net/PgdYP/1/
<div id="specialdiv"></div>
<input type="button" value="try to change the function i to do something different" onclick="t.i = function(){alert(data.secret);}"><BR>
<input type="button" value="set function to null out of spite" onclick="t=null;">
<script type="text/javascript">
e = function(){var data = { };
Object.defineProperty(data, 'secret', {
value: "Hello world!",
writable : false,
enumerable : true,
configurable : false
});this.z=function(){window.setTimeout("try{document.getElementById('specialdiv').innerHTML = '"+data.secret+"';t.i.z();}catch(err) {document.body.innerHTML=err;}",5000);}}
g = function(){};
g.prototype = new e();e=null;window.t = {}
Object.defineProperty(window.t, 'i', {
value: new g(),
writable : false,
enumerable : false,
configurable : false });g = null;
window.t = Object.freeze(window.t); t = Object.seal(window.t);
t.i.z();
</script>
This will be presented in packed format, just to make it harder just to copy the code out of the source. This way the effort to simply copy and paste the code out will be maximized and will be very hard to automate.
Thank you all for your answers.
You can assign a value to a ReadOnly variable only once. Once you do so, no code can ever change its value. If you do not know the value at compile time, or cannot compute it at compile time in a single statement, you can still assign it at run time in a constructor.
const is a keyword constant in C program.
You can't declare the same variable twice at the same level: assert.
Yes, there is. At least for object properties, ES5 gave us the possiblity to alter the property descriptor flags by hand. So we can do that like
var data = { };
Object.defineProperty(data, 'secret', {
value: 42,
writable : false,
enumerable : true,
configurable : false
});
That way, we created a property secret
with the value 42
within data
, which cannot get modfied nor deleted.
The caveat here is, that the genius (like you called it) will also be able to spot this code and just modify that, to again be able to change the content if he wishes to. You just can't create a secured front-end javascript in that way. The code will always be available as plain-text for everybody.
To make this more complete, you can also create an object and freeze
it at some point, using Object.freeze()
and/or Object.seal()
to shutdown the option for enumerating, deleting and modifying on properties of an object.
But again the word of caution: This is intended to affect your own code or foreign code, to prevent modifications by accident or on purpose at run time. There is no way to stop a developer since he can simply halt the execution of your script, before this even can take affect.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With