How to hide HTML from F12 & inspect element, sers should not be able to edit my disabled fields

Question

Please help me, in my application I will have enabled and disabled fields depending on conditions but when I press f12 I am able to edit disabled fields also so I have implemented a small hack kind of implementation but not sure if it is better approach Please suggest me any better approach

<%@ taglib uri="/struts-tags" prefix="s"%>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>Profile</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
    <link href="http://netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css" rel="stylesheet">
    <style type="text/css">                                                                    
    </style>

    <script>
    function divFunction(user){
        event.preventDefault();   
        $.ajax({
            type: 'POST',
            url:'publicProfile.action?userNbk='+user,
            dataType: 'text',
            success: function(data){
                var obj = jQuery.parseJSON(data);
                document.getElementById("userNameHeader").innerHTML = obj.articleUserName;
                document.getElementById("publicEmail").innerHTML = obj.articleUserEmail;
                document.getElementById("publicNbk").innerHTML = obj.articleUserNbk;
                document.getElementById("publicPid").innerHTML = obj.articleUserPersonId;
                document.getElementById("publicGender").innerHTML = obj.articleUserGender;
                document.getElementById("publicJob").innerHTML = obj.articleUserOccupation;
                document.getElementById("publicAddress").innerHTML = obj.articleUserAddress;
                document.getElementById("publicIntrests").innerHTML = obj.articleUserIntrests;
           }}); 
    }
    </script>
    <script type="text/javascript">

    function isConsoleOpen() {
        alert("hello");
          var startTime = new Date();
          debugger;
          var endTime = new Date();
          return endTime - startTime > 10;
        }

    $(document).ready(function() {
        alert("helo");  
        if(isConsoleOpen()) {
            /* alert("You're one sneaky dude, aren't you ?") */
            document.getElementById("aaaaaa").innerHTML="You're one sneaky dude, aren't you ?";
        }
    })

    $(document).keydown(function(event){
    if(event.keyCode==123){
    return false;
   }
    else if(event.ctrlKey && event.shiftKey && event.keyCode==73){        
      return false;  //Prevent from ctrl+shift+i
   }
});
    $(document).bind("contextmenu",function(e) {
         e.preventDefault();
    });

    </script>
</head>
<body>
<div id="aaaaaa">
    <form>
        <input type="text" disabled="disabled">
        <input type="text" disabled="disabled">
        <input type="text" disabled="disabled">
        <input type="text" disabled="disabled">
    </form>
</div>
</body>
</html>

Answer 1

To specifically answer your question, there is no way to keep users from editing your disabled fields. It is impossible to keep users from viewing and editing your HTML.

The only thing you can do to truly take care of this issue is to use server-side validation. If there is a field you don't want text passed into, you're just going to have to set up some kind of validation on the server side to not process the data from that field. Unfortunately, that's just a part of web development.

Creating "hacky" solutions is not a good idea. It leads to unmanageable code, and in this case, it does not even solve the issue.

In fact, (and yes this is opinion-based) I would even say it encourages people to mess with your fields, because if I were hunting around in your code and I saw you trying to keep me out, the first thing I'm going to do is try to get around your hacky block. And 100 times out of 100, I'm going to succeed.

Answer 2

Preventing HTML from being seen and/or edited is impossible.