开发者

Can User disable javascript at client side ? is it possible? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question开发者_如何学运维 would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.

Closed 8 years ago.

Improve this question

it is possible to disable javascript from browser ?


All browsers I've ever used that support Javascript in the first place have had the ability to disable it fairly easily. There's an add-on for Firefox called NoScript that makes it easy to disable Javascript on a source-by-source basis. Javascript is a general-purpose programming language, and it's a bad idea to ever assume you get to run arbitrary programs on somebody else's system.

Moreover, you can't rely on Javascript for security. It's sent to the browser in source form, and can be altered on the browser without much difficulty. Javascript is entirely irrelevant to security.

There's two ways you could be thinking of securing a client site. One is securing the connection with SSL, and that has nothing to do with Javascript. It requires obtaining a certificate (usually, with modern browsers, one you pay for from an accepted certificate authority) and setting it up.

The second is to validate the information the browser sends. There's no harm in doing this with Javascript, since your web page can be more responsive that way, but if there is any security reason to validate input, it absolutely has to be done on the server. Any Javascript you send can be examined and changed by the person using the browser, and anything that can be sent by HTTP can be modified.


Yes, it is possible and easy to disable javascript from the browser. So never trust any client side scrips for validation or security.


If you are asking about input validation, you should be validating everything once the data gets to the sever.


How can we secure a webpage if javascript is disabled by user at client side ? is it possible ?

Javascript has nothing to do with a secure web site, secure web sites use SSL encryption.

it is possible to disable javascript from browser ?

The server cannot disable javascript in the browser, that is a preference which is only available to the user.


You can't secure a webpage even if javascript is enabled. Since Javascript is transmitted to the client in clear text it is the absolute worst choice to use for security.

Like Kevin said, server side validation is your only reliable option.

And, to guess at your question, it's either:

Yes, a client can disable Javascript on their browser OR No, you (the website operator) cannot disable a clients Javascript with your website

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜