1

Is it possible to use jQuery/Javascript to see if a webpages source code is altered by a visitor and if so redirect them?

And by altered, I mean if they open firebug or something and edit anything on the page once its finished loading?

Liam
  • 9,725
  • 39
  • 111
  • 209
  • Altered in which way? Compared to a previous version or after the page finished loading? – Ahatius May 27 '12 at 09:51
  • How can a visitor alter the content of a webpage? You mean, the page is generated by some server-side processor? – MaxArt May 27 '12 at 09:52
  • How can one alter something that is downloaded from a server? Unless they hack your server there is no way to alter source code of a webpage – Miquel May 27 '12 at 09:53
  • With google chrome element inspector you can change code live. i use it sometimes to disable annoying flah ads in the background that slow down my browser – Tschallacka May 27 '12 at 09:55
  • You're thinking security backwards – frenchie May 27 '12 at 09:56
  • Do you really think that's appropriate? If the user messes around with firebug it's his good right to do so. If you throw stones in his way he'll think you are trying to hide something and just continue. If someone uses it to hide your ads it's fine. – ThiefMaster May 27 '12 at 09:59

3 Answers3

2

Even if there is a way to do that, the visitor can still edit this verification, so this is pointless.

Antoine Pietri
  • 793
  • 1
  • 10
  • 25
  • True, but you can hide this in an external javascript file, obfuscated by javascript obfuscator, etc. at a certain point where it takes more than 5 mins to find the blasted code they usually give up and leave the site – Tschallacka May 27 '12 at 10:01
2

This seems like a hack to prevent people from messing with your forms.

This is most definitely not the right way to make your site more secure; security must always come from the server-side or, if everything is done via the front-end, in a way that can only hurt the user who is currently signed in.

Even if you did succeed in implementing this using JavaScript, the first thing I would do is disable exactly that :) or just disable JavaScript, use wget, inspect the code first, then write a curl work-around, etc.

Ja͢ck
  • 170,779
  • 38
  • 263
  • 309
0

yes. at the loading store the innerhtml of the html element in a string. then set an interval every second to check if the current html matches the stored var.

Tschallacka
  • 27,901
  • 14
  • 88
  • 133