Reputation: 12317
I'm using the following:
<script type="text/javascript" src="/php/dictionary.php">
</script>
dictionary.php is a PHP script that outputs JavaScript code. The reason I am using dictionary.php to generate JavaScript is that certain values in the JavaScript depend on the locale and user.
I was wondering if this technique is as safe as using a JavaScript file directly?
Upvotes: 2
Views: 263
Reputation: 700720
No, it's not safe as you want different scripts for different users. The script will be cached, so a user may get the script for a different user who was logged in on the same computer earlier.
If you need it to be safe, generate a code for the logged-in user, and send that in the query string when you request the script, so that you can verify that the correct user gets the script. As the URLs will be different, they will also be cached separately.
Upvotes: 3
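The per-user code described in the answer above, sketched as an added example in PHP (not code from the thread). The session keys `user_id`, `locale`, `user_name` and `script_key`, the query parameter `u` and the function name `dictionary_token` are assumptions; the page that prints the script tag would use `src="/php/dictionary.php?u=<token>"` with a token from the same function.

```php
<?php
// dictionary.php -- added example; all names here are hypothetical.
declare(strict_types=1);

// Turn off PHP's automatic session cache headers so the header set below applies.
session_cache_limiter('');
session_start();

// Assumed to be stored at login: user_id, locale, user_name, and
// script_key = random_bytes(32), a per-session secret that never leaves the server.
if (!isset($_SESSION['user_id'], $_SESSION['locale'], $_SESSION['script_key'])) {
    http_response_code(403);
    exit;
}

// Code bound to this user and locale. The HTML page calls the same function
// (e.g. from a shared include) to build the script URL.
function dictionary_token(string $userId, string $locale, string $key): string
{
    return hash_hmac('sha256', $userId . '|' . $locale, $key);
}

$expected = dictionary_token(
    (string) $_SESSION['user_id'],
    (string) $_SESSION['locale'],
    $_SESSION['script_key']
);
$supplied = $_GET['u'] ?? '';

// Constant-time comparison; a URL issued to another user or session fails here.
if (!is_string($supplied) || !hash_equals($expected, $supplied)) {
    http_response_code(403);
    exit;
}

header('Content-Type: application/javascript; charset=utf-8');
// "private" keeps shared caches (proxies, CDNs) from storing the per-user body;
// the browser still caches it under this user-specific URL.
header('Cache-Control: private, max-age=300');
header('X-Content-Type-Options: nosniff');

$dictionary = [
    'locale'   => (string) $_SESSION['locale'],
    'userName' => (string) ($_SESSION['user_name'] ?? ''),
];

// json_encode produces a valid JavaScript literal, so user-controlled strings
// cannot break out of the assignment and run as script.
$flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
echo 'var dictionary = ' . json_encode($dictionary, $flags) . ';';
```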
Reputation: 15389
Javascript will only affect the client-side. Unless you are exposing client-side operations that affect other users in the .php file, in which case cross-site scripting may be abused, it should be fine.
Reference: http://en.wikipedia.org/wiki/Cross-site_scripting
This is safe as any potential exploit they may pursue would only affect the client-side, given that all server-side files called from the Javascript are patched for security as well.
Upvotes: 1