ok, I start with a very simple method:
alert(someText);
"someText" is a variable whose value users pass in through a form. Is there a chance that a user passes the following text and injects some code into my JavaScript? For example, can the user pass this to this method:
"anotherText"); alert("the nextText"
If so, how can I prevent it from happening? If not, can anyone mention some security concerns about JavaScript?
No, it doesn't work that way. String values are not substituted where they are used, they are just used as strings. So there is no security problem.
The only time you may have to worry about this is when you use eval:
eval("alert(\"" + someText + "\");");
(Yes, I realize this is a contrived example...)
Basically, as long as you're not calling "eval" (or some function that does), and you're not injecting JavaScript created from users directly into pages (via the script tag), you shouldn't have anything to worry about.
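To make the difference concrete, here is an added example (not part of the original question or answer) that runs outside a browser by recording calls to a stand-in `alert`. It feeds the exact string from the question to the three patterns discussed: the plain call, the eval-with-concatenation call, and a variant that serializes the value with `JSON.stringify` before building the source text.

```javascript
// Added example, not from the original post. A recording stand-in for
// window.alert so the code runs offline (Node) and results can be inspected.
const calls = [];
function alert(msg) { calls.push(msg); }

// Constructed sample input: the payload from the question.
const someText = 'anotherText"); alert("the nextText';

// Pattern 1: pass the value directly. The string is only data; nothing in it
// is parsed as code, so exactly one alert fires with the raw text.
function direct(text) {
  calls.length = 0;
  alert(text);
  return calls.slice();
}

// Pattern 2: build source text by concatenation and eval it. The value becomes
// part of the program, so the quote and ");" inside it close the first call
// and open a second one: two alerts fire.
function viaEvalConcat(text) {
  calls.length = 0;
  eval('alert("' + text + '");');
  return calls.slice();
}

// Pattern 3: if building source text is unavoidable, serialize the value as a
// JSON string literal so quotes, backslashes and newlines are escaped. It is
// back to one alert with the raw text. Not using eval at all (pattern 1) is
// still the better fix.
function viaEvalJson(text) {
  calls.length = 0;
  eval('alert(' + JSON.stringify(text) + ');');
  return calls.slice();
}
```

Run with `node`: `direct` and `viaEvalJson` each record one call containing the whole input, while `viaEvalConcat` records two separate calls.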