zumpoof

Javascript Namespace Hackery

Hi all. I am wondering about the reliability of JavaScript namespacing. My goal is to make certain variables unavailable to functions other than the function the variable is enclosed in. Take a look at this:

<script>
function foo() {
    var hidden_1 = "Can't see me";
}

function bar() {
    var hidden_2 = "Me neither";
}
</script>


Let's say I have both of these functions in the same page. Would it be at all possible for code in the 'foo()' function to have access to the 'hidden_2' variable in the 'bar()' function and vice versa?

Thanks,
Zumpoof
sajuks

Your hidden_1 & hidden_2 variables have been defined as local variables and not global variables.
Global variables would be defined as:
<Script>
var mytest;
mytest = "Hello World";

function callme() {
    alert(mytest);
}
callme();
</Script>

To change the value of a global variable you need to affix the window. prefix, for example:
<script>
var hidden_1 = "New Value";
function foo() {
    hidden_1 = "Can't see me";
    window.hidden_1 = hidden_1;
}

function bar() {
    var hidden_2 = "Me neither";
    foo();
    alert(hidden_1);
}
bar();
</script>
zumpoof

ASKER

I don't want the variables to be accessible outside of the functions I've declared them in. I want them to be invisible to everything outside of the function they reside in. I'm posting this question because I want to make sure there is absolutely no way to get at those variables from outside the function.
Sorry, it is a strange question.

Thanks,
Zumpoof
ASKER CERTIFIED SOLUTION
sajuks

This solution is only available to members.
Generally speeking your variables are "safe"
however, since you mentioned the word hackery :)
If you just assign them plain constant values
It would be possible for another clever enough function in that page to get to
the actual text of the script and parse out the value.
or even manipulate the script in some other way so as to extract that value.

If you would like such an example I can write you one.

what are you trying to protect ? and what from ?

SnowFlake
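
SnowFlake's point about reading the script text, as an added example that is not part of the original thread: function scope stops other code from reaching `hidden_1` by name, but a constant written into the function is still present in its source text, whereas a value passed in at runtime is not. The names `makeHolder`, `literalsInSource` and `isReachableByName`, and the sample value, are constructed for illustration.

```javascript
// Added example (not from the thread). foo mirrors the question's function.
function foo() {
    var hidden_1 = "Can't see me";   // constant lives in the script text
    return hidden_1.length;
}

// Hypothetical alternative: the value arrives at runtime as an argument,
// so the text of the returned function holds no copy of it.
function makeHolder(value) {
    return {
        matches: function (guess) { return guess === value; }
    };
}

// Scope check: a variable declared inside foo cannot be reached by name
// from another function. typeof on an undeclared name yields "undefined".
function isReachableByName() {
    return typeof hidden_1 !== "undefined";
}

// Source check: list every quoted string literal in a function's text.
// Function.prototype.toString returns the source of script-defined functions.
function literalsInSource(fn) {
    var src = Function.prototype.toString.call(fn);
    var re = /"((?:[^"\\]|\\.)*)"|'((?:[^'\\]|\\.)*)'/g;
    var found = [];
    var m;
    while ((m = re.exec(src)) !== null) {
        found.push(m[1] !== undefined ? m[1] : m[2]);
    }
    return found;
}

// Constructed sample value, standing in for data fetched after page load.
var holder = makeHolder("constructed-runtime-value");

console.log("reachable by name:", isReachableByName());
console.log("literals in foo:", literalsInSource(foo));
console.log("literals in holder.matches:", literalsInSource(holder.matches));
```

This covers only what source inspection reveals; a runtime value is still known to whatever code supplied it.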
zumpoof

ASKER

Thanks for offering to put that script together, SnowFlake, but it is not necessary. The explanation for why I was asking this question is a bit complex, so I just simplified the problem to a namespacing question.

Thanks!
I was just wondering if, as far as you are concerned, your variables are considered safe or not?
It would be interesting to know what was behind the Q and why you referred to hackery.
Thanks for the points and grade.
zumpoof

ASKER

SnowFlake,

My job revolves around web application security, which oftentimes brings up JavaScript thanks to XSS (Cross Site Scripting). Currently it's assumed that if a website falls victim to an XSS attack, then everything on a page is available to the malicious JavaScript. I'm personally trying to refine what kind of access an attack would have if different development choices were made. Of course, if a website is being attacked in this manner they have more to worry about than coding styles, but still I am curious.
I referred to it as "hackery" because the solution to achieve what I was proposing would probably be very messy, and viewed as a "hack".

Thanks all!
-Zumpoof