Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Do we really need to hide js (jquery) code?

I realize that we can view the JS code in the browser via Inspect element > source or the like. For example, I have following code and it can be view under "source".

$.ajax({
    url: baseUrl + 'location/insert_user_location',
    type: "post",
    data: {address:address,lat:lat,lng:lng,acc:acc},
}).done(function(){
    getUserLocation();
});

Is this insecure, or does it even matter?

like image 451
vzhen Avatar asked Jun 27 '26 23:06

vzhen


1 Answers

No, it's not insecure, because your location/insert_user_location URI is correctly secured on the server side, right? For the same reason you should not trust client-side form validation and always perform the same validation on the server side.

There is no way to "hide" JavaScript on the client side. No matter how deeply it's hidden and how well obfuscated, hacker will always be able to analyze it.

like image 58
Tomasz Nurkiewicz Avatar answered Jun 30 '26 11:06

Tomasz Nurkiewicz