CODEWITHSUNDEEP
javascriptgoogle-chromegoogle-chrome-devtoolsgoogle-chrome-app
Dylan Kay
Dylan Kay

Reputation: 394

Disabling inspect element/javascript console in my chrome webstore app?

I was wondering if it was possible to specify an attribute in the manifest file or somewhere else, and disable the use of a javascript console in my app's window. Disabling the javascript console will not allow the user to simply give themselves money and they will be forced to play the game properly. Does anyone know if it is possible to disable the javascript console in an app? Will it possibly come out in the future versions of Chrome?

Upvotes: 0

Views: 3542

Answers (2)

Vincent Scheib
Vincent Scheib

Reputation: 18650

Access to the console is already lessened in a packaged app versus the open web or an unpacked app you're working on. The mouse context menu will not offer to enter the developer tools, and the chrome menu does not exist in apps. The only option is from the chrome:extensions page or Chrome Apps Developer Tools.

Motivated users will have several other routes, including modifying the source of your client. Processing with a javascript obfuscator will make it slightly more difficult.

If you must protect game logic to prevent cheating, you will need to do so from a server that validates player actions. This can work offline as well, by caching game actions and sending for verification when possible. But, at what point does this matter? If it is a single player game, not much. If there are leaderboards, make them social leaderboards so that cheaters only fool their friends. If it is fully multiplayer you already must validate. ;) Never trust the client.

Upvotes: 6

dave
dave

Reputation: 64705

You need to use closures, and then you can protect the portions of the code they shouldn't be able to modify.

For example, say you had a game where they answer a simple math problem to get money, and when they have enough money, we'll say $1000, they can buy a gun. You don't want to let them be able to just add money to their account, but they should be able to answer questions to get money. You just expose the getMoney function, and hide everything else, like so:

var game = function() {
     var money = 0;
     var hasGun = false;

     var getMoney = function() {
         response = prompt("What is 2+2?");
         if (response == 4) money += 100;
         alert("You have $" + money);
     }
     var showMoney = function() {
         console.log(money);
     }
     var buyGun = function() {
         if (money >= 1000) {
            hasGun = true;
            money -= 1000;
            alert("You bought a gun!")
         }
         else alert("Not enough money!")

     }
     //we'll use this to expose methods and variables.
     var public =
     {
        getMoney: getMoney,
        buyGun: buyGun,
        showMoney: showMoney
     }
     return public;
 }()
 game.getMoney();

The only thing they can access within your expose function from the console is the ask method, and the showMoney method. The only way to get more money is to do it through the ask method. Even if, in the console, they wrote: 

game.money = 1000;
game.showMoney(); //returns 0;
game.hackForMoney = function() { money = 1000; }
game.hackForMoney();
game.showMoney(); //returns 0;
game.showMoney = function() { return 1000; }
game.buyGun(); //alerts "Not enough money!"

Now someone can access the console and it doesn't matter.

Upvotes: 1

Related Questions