Reputation: 141
Hiding hidden input fields from "inspect element"
Someone asked me to make him a dashboard where he can see all the links to manage his websites. He also wants to autologin to the website that he clicked.
To do this I'm trying to make a form for each url and send the username and password values with it. I echo them as variables but (ofcourse) they're still visible in the input types in the "inspect element" window.
How can I make this dissapear? Because it's not safe this way..
(side question: Is there also a way to add a target=_blank to this javascript?
<a href="" onclick="document.forms[0].submit(); return false;"></a> )
Upvotes: 2
Views: 18121
Answers (3)
Reputation: 8223
It is not possible to hide elements from the DOM inspector, that would defeat the purpose of having that tool.
Disabling javascript is all it would take to bypass right click protection.
What you should do is implement a proper autologin.
Most importantly, do not echo the users password in plain text to a page.
Upvotes: 2
Reputation: 1289
If you want to get about as fancy as possible you could serve up the data obsfuricated in some manner and de-obsfuricate it and run eval on it at the last minute.
Although this would mean that the data is still visible completely in a javascript debugger.
UNLESS you want to get fancy !!
If you REALLY want to get fancy then it is possible to obtain ROP Chain code execution in webkit based browsers, you COULD use this to gain native code execution capacity, once you have that then you can have your app download the required variables and inject them into something that cannot be debugged via the JS debugger built into most modern browsers ( or alternatively just disable the debugger)
Of-course you could always just implement in the server, its significantly less effort than locking a user out of their own browser.
Upvotes: 1
Reputation: 6345
You Cannot. Debuggers are designed for debugging HTML and Javascript.
But you can try disabling Right click.
Check this link
http://developersdigest.blogspot.in/2013/10/disable-inspect-elementsource-viewing.html
Another way is that you can use sessions to store user variable so it can be accessed only on server side.
Upvotes: 0
Related Questions
- How to hide form code from view code/inspect element browser?
- Hide Inspect Element in php
- Changeable input hidden field
- Form fields in hidden DIV
- hidden attribute in input tag from html form
- Disable hidden form input
- jQuery + hidden input fields
- Hidden input field
- How to disable form options entirely within JS 'display:none' trick?
- How to hide an HTML input field with javascript