13

Possible Duplicate:
Are there constants in Javascript?

Is there a way to declare a static of final value in javascript so that it cannot be altered by a 3rd party?

What I have is a article sharing application, with free users being ad supported. What I wish to do is prevent the free users from altering the innerHTML content by altering the storage variable for the content.

What I have at this moment is a timer that reloads the innerHTML of the article on user website every 5 seconds and I'm storing the value for the reload in a variable.

However, if a genius using jsbeatify explores which variable holds the key to removing the ad and alters that, we lose revenue and exposure of our products.

How to prevent the altering of the internal variable?

UPDATE

This is the end result of what I came up with:

http://jsfiddle.net/PgdYP/1/

<div id="specialdiv"></div>
<input type="button" value="try to change the function i to do something different" onclick="t.i = function(){alert(data.secret);}"><BR>
<input type="button" value="set function to null out of spite" onclick="t=null;">



 <script type="text/javascript">
    e = function(){var data = { };
    Object.defineProperty(data, 'secret', {
       value: "Hello world!",
       writable : false,
       enumerable : true,
       configurable : false
       });this.z=function(){window.setTimeout("try{document.getElementById('specialdiv').innerHTML =   '"+data.secret+"';t.i.z();}catch(err) {document.body.innerHTML=err;}",5000);}}
        g = function(){};
        g.prototype = new e();e=null;window.t = {}
        Object.defineProperty(window.t, 'i', {
        value: new g(),
        writable : false,
        enumerable : false,
        configurable : false });g = null;
        window.t = Object.freeze(window.t); t = Object.seal(window.t);
        t.i.z();
    </script>

This will be presented in packed format, just to make it harder just to copy the code out of the source. This way the effort to simply copy and paste the code out will be maximized and will be very hard to automate.

Thank you all for your answers.

4

2 回答 2

21

Yes, there is. At least for object properties, ES5 gave us the possiblity to alter the property descriptor flags by hand. So we can do that like

var data = { };

Object.defineProperty(data, 'secret', {
    value: 42,
    writable : false,
    enumerable : true,
    configurable : false
});

That way, we created a property secret with the value 42 within data, which cannot get modfied nor deleted.

The caveat here is, that the genius (like you called it) will also be able to spot this code and just modify that, to again be able to change the content if he wishes to. You just can't create a secured front-end javascript in that way. The code will always be available as plain-text for everybody.

To make this more complete, you can also create an object and freeze it at some point, using Object.freeze() and/or Object.seal() to shutdown the option for enumerating, deleting and modifying on properties of an object.

But again the word of caution: This is intended to affect your own code or foreign code, to prevent modifications by accident or on purpose at run time. There is no way to stop a developer since he can simply halt the execution of your script, before this even can take affect.

于 2012-10-25T08:53:50.317 回答
3

try the const keyword. it should create an immutable variable.

于 2012-10-25T08:54:00.187 回答