
Javascript Namespace Hackery

Hi all. I am wondering about the reliability of JavaScript namespacing. My goal is to make certain variables unavailable to functions other than the function the variable is enclosed in. Take a look at this:

<script>
function foo() {
    var hidden_1 = "Can't see me";
}

function bar() {
    var hidden_2 = "Me neither";
}
</script>


Let's say I have both of these functions in the same page. Would it be at all possible for code in the 'foo()' function to have access to the 'hidden_2' variable in the 'bar()' function and vice versa?

Thanks,
Zumpoof
0
1 Solution
 
sajuks Commented:
Your hidden_1 & hidden_2 variables have been defined as local variables and not global variables.
Global variables would be defined as
<Script>
var mytest;
mytest = "Hello World"

function callme() {
alert(mytest)

}
callme()
</Script>

To change the value of a global variable you need to affix the window. prefix, for example:
<script>
var hidden_1 = "New Value";
function foo() {
     hidden_1 = "Can't see me";
    window.hidden_1 =hidden_1
}

function bar() {
    var hidden_2 = "Me neither";
    foo();
    alert(hidden_1)
}
bar()
</script>
0
 
zumpoof (Author) Commented:
I don't want the variables to be accessible outside of the functions I've declared them in. I want them to be invisible to everything outside of the function they reside in. I'm posting this question because I want to make sure there is absolutely no way to get at those variables from outside the function.
Sorry, it is a strange question.

Thanks,
Zumpoof
0
 
sajuks Commented:
Let me try to understand what you want. In your script
<script>
function foo() {
    var hidden_1 = "Can't see me";
}

function bar() {
    var hidden_2 = "Me neither";
}
</script>

var hidden_1 has been defined inside function foo(). Now you can't really access that value outside that function since it's a local variable.
Now I could always declare a new function
function foo1() {
    var hidden_1 = "Local Temp";
}

This again is a local variable and has no link to the previously declared function variable.
To have it as a global variable you need to declare it outside your function.
As long as it's not defined as a global variable you should be OK.
So in your case it won't be accessible from anywhere else
(though I assume you know that the value would be visible if I see the source code).
<script>
var myVar;
function doA(){
  myVar="A";
}

function doB(){
  alert("Inside doB " +myVar);
}

doA();
doB();
alert(myVar);
</script>


0
 
SnowFlake Commented:
Generally speaking your variables are "safe".
However, since you mentioned the word hackery :)
If you just assign them plain constant values,
it would be possible for another clever enough function in that page to get to
the actual text of the script and parse out the value,
or even manipulate the script in some other way so as to extract that value.

If you would like such an example I can write you one.

What are you trying to protect? And what from?

SnowFlake
0
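An added example, not code from any poster in this thread: it checks the two points made so far, that a function-local variable is not reachable by name from other code, and that a plain constant still appears in the function's source text while a value computed at runtime does not. The helpers makeCounter, reachableAsGlobal, visibleInSource and audit are hypothetical names, and globalThis stands in for window so the block also runs under Node.

```javascript
// Added example (constructed): what function scope hides, and what it does not.

function foo() {
  var hidden_1 = "Can't see me";      // literal constant, as in the question
  return hidden_1.length;
}

// Hypothetical helper: a value computed at runtime and held only in a closure.
function makeCounter(seed) {
  var hidden_state = seed * 7 + 1;    // the result is never written as a literal
  return function next() { hidden_state += 1; return hidden_state > 0; };
}

// Check 1: can other code reach the variable by name through the global object?
function reachableAsGlobal(name) {
  return name in globalThis;
}

// Check 2: does the value appear in the function's source text?
// Function.prototype.toString returns that text, literals included.
function visibleInSource(fn, value) {
  return fn.toString().includes(String(value));
}

function audit() {
  foo();                              // run it once; the local is gone afterwards
  const next = makeCounter(6);        // hidden_state starts at 43
  next();
  return {
    localIsGlobal: reachableAsGlobal('hidden_1'),
    literalInSource: visibleInSource(foo, "Can't see me"),
    runtimeValueInSource:
      visibleInSource(next, 43) || visibleInSource(makeCounter, 43),
  };
}

console.log(audit());
```

Scope keeps the binding private, but anything written as a literal is part of the page source, so a value that must stay out of reach of other script on the page should not be embedded as a constant.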
 
zumpoof (Author) Commented:
Thanks for offering to put that script together, SnowFlake, but it is not necessary. The explanation for why I was asking this question is a bit complex, so I just simplified the problem to a namespacing question.

Thanks!
0
 
SnowFlake Commented:
I was just wondering if, as far as you are concerned, your variables are considered safe or not?
It would be interesting to know what was behind the question and why you referred to hackery?
0
 
sajuks Commented:
Thanks for the points and grade
0
 
zumpoof (Author) Commented:
SnowFlake,

My job revolves around web application security, which oftentimes brings up JavaScript thanks to XSS (Cross Site Scripting). Currently it's assumed that if a website falls victim to an XSS attack, then everything on a page is available to the malicious JavaScript. I'm personally trying to refine what kind of access an attack would have if different development choices were made. Of course if a website is being attacked in this manner they have more to worry about than coding styles, but still I am curious.
I referred to it as "hackery" because the solution to achieve what I was proposing would probably be very messy, and viewed as a "hack".

Thanks all!
-Zumpoof
0
