Reputation: 53
Checking integrity of javascript, user code=server code
Is there a way to verify that the user changed the jQuery/JavaScript with Firebug during the use of client-side page?
Upvotes: 3
Views: 160
Answers (3)
Reputation: 24336
Short answer it doesn't matter.
Long answer:
It matters if you are treating the JavaScript as part of your application structure, similar to how a SQL injection attack does bad things to your system. You should validate that anything that gets passed from the client is sanitized before being stored. The interesting attack vector here is if you allow me to persist elements into the structure of the web page and retrieve them at a later time. You have opened the doors to a reflected XSS attack (one of my favorites). This is indicative of a failure to sanitize user input and/or a failure to separate concerns UI from the system level code.
Upvotes: 0
Reputation: 120498
No. The client is fundamentally unsafe and belongs to the user, not you.
Upvotes: 1
Reputation: 499132
No, there is no way to verify this.
When it comes to input from the browser, you should always verify and validate. Never trust the client.
Upvotes: 4
Related Questions
- Javascript injection attack prevention for textboxes
- How to check the integrity of loaded Javascript code
- How to make sure this JavaScript code can run within C# ASP.NET
- How to verify that Javascript on client has not been altered
- Server Side JavaScript Code Injection Attack
- Verify javascript code at server
- securing javascript source code
- jQuery validation for ASP.NET, security issues
- Is there any way to verify that client side code that is used is the one given by the server?
- How to isolate unsecure JavaScript code