CODEWITHSUNDEEP
javascriptjquery
Adam Strudwick
Adam Strudwick

Reputation: 13129

jquery load to hide content

There is javascript on my webpage, but I need to hide it from my users (I don't want them to be able to see it because it contains some answers to the game.)

So I tried using Jquery .load in order to hide the content (I load the content from an external js file with that call). But it failed to load. So I tried ajax and it failed too.

Maybe the problem comes from the fact that I'm trying to load a file located in my root directory, while the original page is located in "root/public_html/main/pages":

<script type="text/javascript">
$(document).ready(function() {
    $.ajax({
        url : "../../../secret_code.js",
        dataType: "text",
        success : function (data) {
            $("#ajaxcontent").html(data);
        }
    });
});
</script>

1) Why can't I load a file from the root directory with ajax or load method? 2) Is there another way around?

PS: I'm putting the file in the root directory so people can't access it directly from their browsers...

Upvotes: 0

Views: 141

Answers (8)

Kevin B
Kevin B

Reputation: 95018

You can only load files that are accessible directly from browsers, for example, http://www.mydomain.com/secret_code.js

If it can't be accessed directly by the browser, it can't be accessed by the browser via ajax. You can however use .htaccess to prevent users from opening up a js file directly, though that doesn't keep them from looking at it in the google chrome or firebug consoles.

If you want to keep it secret, don't let it get to the browser.

Upvotes: 0

bygrace
bygrace

Reputation: 5988

What is your system setup? Are you using a CMS?

Even if you add the javascript to the page after page load a user with a tool like firebug can go and view it. I don't think what you are doing is really going to secure it. An alternate solution is that you could minify and obfuscate the javascript that you use in your production environment. This will produce near unreadable but functioning javascript code. There are a number of tools that you can run your code through to minify and obfuscate it. Here is one tool you could use: http://www.refresh-sf.com/yui/

If that isn't enough then maybe you could put the answers to the game on your serverside and pull them via ajax. I don't know your setup so I don't know if that is viable for you.

Upvotes: 1

noob
noob

Reputation: 9202

Security first

You can't access your root directory with JavaScript because people would read out your database passwords, ftp password aso. if that would be possible.

Upvotes: 0

kayen
kayen

Reputation: 4868

Try jQuery's $.getScript() method for loading external Script files, however, you can easily see the contents of the script file using Firebug or the developer toolbar!

Upvotes: 0

Anthony Grist
Anthony Grist

Reputation: 38345

Take a look at the jQuery.getScript() function, it's designed for loading Javascript files over AJAX and should do what you need.

Upvotes: 0

Anton
Anton

Reputation: 6051

Even if you load your content dynamicly, it's quite easy to see content of the file using firebug, fiddler or any kind of proxy. I suggest you to use obfuscator. It will be harder for user to find answer

Upvotes: 0

JasonWoof
JasonWoof

Reputation: 4196

1) if the file isn't accessible via web browsers, than it's not accessible via ajax (ajax is part of the web browsers

2) try /secret_code instead of ../../../secret_code.js

Upvotes: 1

Starx
Starx

Reputation: 78981

Navigate to the URL, not the directory. Like

$.ajax({
        url : "http://domain.com/js/secret_code.js",

..

Upvotes: 0

Related Questions