开发者

convert PHP array to JS array (without writing contents)

问答 作者:

I have a PHP array with URL's that I would like to keep hidden (or at least more difficult to copy) I need to convert this array to a JS array. Is it possible without writing the items in JS?

So NOT like in following example where the URL's can be found in the source...

<?php
    $arr = array("http://foo.com","http://bar.com","http://baz.com"); 
?>

<script>
    var newArr = new Ar开发者_StackOverflowray("<?php echo implode(',' ,$arr); ?>");
</script>

Nope. This is not possible without writing the items in JS.

Javascript could read the data via an AJAX request, it wouldn't show up in the page source but you'd be able to see it with any half-decent web developer toolset.

If you want to make the urls unreadable you can encode each character to \xnn escape sequence:

<?php
    $arr = array( "http://foo.com","http://bar.com","http://baz.com" ); 
    $encodedArr = array();
    foreach( $arr as $url ) {
        $encodedUrl = '';
        for( $i = 0; $i < strlen( $url ); ++$i ) {
            $encodedUrl .= '\\x'.str_pad( 
                  sprintf( '%x', ord( $url[$i] ) ),
                  2, STR_PAD_LEFT );
        }
        $encodedArr[] = '"'.$encodedUrl.'"';
    }
?>
<script type="text/javascript">
    var newArr = [ <?php echo implode(',' ,$encodedArr); ?> ];
    alert( newArr[0] );
</script>

the written javascript will look like this:

var newArr = [ "\x68\x74\x74\x70\x3a\x2f\x2f\x66\x6f\x6f\x2e\x63\x6f\x6d","\x68\x74\x74\x70\x3a\x2f\x2f\x62\x61\x72\x2e\x63\x6f\x6d","\x68\x74\x74\x70\x3a\x2f\x2f\x62\x61\x7a\x2e\x63\x6f\x6d" ];
alert( newArr[0] );

but will alert http://foo.com

It's not possible to do it without writing the items in JS. However if you are using those variable for validation, you could transfer that validation on the server and use AJAX to call that validation.

I don't think it is possible, but depending on what you are trying to do, you can remove the script element from the DOM when you are done with it, so it won't appear in your source code to the user. This kind of technique is quite useful for example when building a javascript block that other people would include on their site. The javascript code can ran, and when it's finished remove itself from the DOM so other people can't copy your code.

If you want one of your system's component not to touch some piece of data, don't give it the data.

However, if the browser cannot have the data, it cannot use it, either. There's a dilemma...

Maybe you want to insert an extra indirection: have your PHP provide a series of 'command-url's' to the javascript GUI, and have it trigger these commands instead of letting it know your sensitive data.

Directly it is not possible. JavaScript code is interpreted, so no chance to hide it.

Another way is to make make an ajax call to file which will echo the items.

If you wish more security make 2 GET calls one to get some info, process it with the js and use it at the second call which will get your array. Something like the "obscurity" or "time" method. In theory this will add some protection.

Or as nobody suggested you can use again the technique with the 2 GETs, and encode and decode dinamically the data in the array. This will add more security.

Use JSON.

In PHP, that'd be:

<?php
$arr    = array('http://[a]', 'http://[b]', 'http://[c]');

echo json_encode($arr);

in JS:

<script type="text/javascript">
arr[0]; // http://[a]

arr.each(function(k,v){
    v; // http://[a]

    // loops trough the remaining values
});

继续阅读:arraysjavascriptphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9