CODEWITHSUNDEEP
javascriptsecurityconsole
Barrie Reader
Barrie Reader

Reputation: 10713

Is there a way to stop Javascript commands being executed in console?

As per the question title.

Although not required; I would like to stop people from executing functions on my page via the console... Is this even possible?

I've tried a few things, this is the closest I've come - but this doesn't work :(

    window.onresize = function(){
        if((window.outerHeight - window.innerHeight) > 100) {
            //stop commands here?
        }
    }
    window.onload = function() {
        if (typeof console !== "undefined" || typeof console.log !== "undefined") {
            if (window.console && (window.console.firebug || window.console.exception)) {
                    //stop commands here?
            }
        }
    }

EDIT:
I don't have to disable the console, just function calls made within it - either solution would be fine though ;)

EDIT2:
So, to get this right... There is now no way of detecting the console crossbrowser at all?

EDIT3:
I've sort of got around it by doing the following, although the JS functions are still in place - the elements that they relate to are not... Not a great fix, but I guess it'll do... :( 

        setInterval(function() {
            if (!$.browser.mozilla) {
                if((window.outerHeight - window.innerHeight) > 100) {
                    alert("DISABLED!");
                    $('body').remove();
                    return false;
                }
            }
            if (window.console && (window.console.firebug || window.console.exception)) {
                alert("DISABLED!");
                $('body').remove();
                return false;
            }
        }, 750);

Upvotes: 2

Views: 4125

Answers (1)

tobspr
tobspr

Reputation: 8376

It is not good to try detecting console via window width. This may cause some issues on other Browsers, too. If you just want protect your functions:

As you have e.g a button:

<button onclick="someFunction()"></button>

The someFunction is of course accessable via the console. But if you do not let the user know about your function name, he can not call the function, can he? See here:

<script type="text/javascript">
//obsfuscate this code
$(function() {
$("#theButton").on("click", someFunction);
})
</script>
<button id="theButton"></button>

This is just a possible solution. But rembember, no javascript solution can be 100% secure, because the User knows all of your code, obsfuscated or not.

Upvotes: 2

Related Questions