1

I'd like to hide the version of jQuery library used in my project so nobody can see which version is in use (at least just by quick looking at the code).

While removing a JS comment containing jQuery version is fairly easy, there is a variable hardcoded into jQuery which reveals the version:

var ah = "1.11.3"

My wish is to empty the variable, however I'm not a frontened developer so I don't know what could potential consequencies.

Does jQuery uses this variable is some particular way?

boleslaw.smialy
  • 136
  • 1
  • 2
  • 8
  • 3
    Firstly, you can't. Secondly, why would you even want to? It's pointless. Even without the version number it's easy to spot which version is being used by using feature detection. – Rory McCrossan Feb 14 '18 at 09:52
  • The less they know, the more absurd concepts they come up with regarding “security” ... *sigh* – CBroe Feb 14 '18 at 10:00
  • How is this related to security in any way? – Horkrine Feb 14 '18 at 10:14
  • This is the requirement I was faced with, please do not change the topic, I'm asking about technical contraindications, not about it is secure or not. – boleslaw.smialy Feb 14 '18 at 10:40

2 Answers2

6

So two points:

  1. Yes removing that could have issues, 3rd party plugins will use: jQuery().jquery to get the version to see if the version used is a recent enough version for the plugin to work, if you remove that the plugin could not load or try and work and have massive issues if the version of jquery isn't 'good' enough.

  2. Removing the version won't help in people not being able to identify if they really want to, it just adds a 2 minute step to the process of just comparing the rest of the code to jquery versions.

I would strongly advise not to remove the version number or change it.

Ryan McDonough
  • 9,732
  • 3
  • 55
  • 76
  • Re (2): I'm perfectly aware of it, it is rather for making it more difficult than impossible. Thanks for the reply anyway! – boleslaw.smialy Feb 14 '18 at 10:04
  • 1
    Ryan, could you please share some reference which could explain how the plugins resolves dependencies based on jQuery version? I'd be very thankful. – boleslaw.smialy Feb 14 '18 at 10:07
  • 2
    @boleslaw.smialy You can see in this question: https://stackoverflow.com/questions/2655308/jquery-version-compatibility-detection?noredirect=1&lq=1 how people detect the jquery version for compatability reasons. For example .attrFn was removed in version 1.9, if your plugin depends on that to work then if the jquery version is 1.9 or greater it would not work. – Ryan McDonough Feb 14 '18 at 13:43
0

I agree with others point but to answer your question . You can remove the version. you can just empty the version string.

var version = " "

If you give this in your source code even if you try to get the version using $.fn.jquery it gives the empty string.

To give more insight:

  1. download the jquery from jquery.com
  2. save it in the same folder where you create your file.
  3. Include the script in your file in the script src tag.
  4. go to the downloaded file and empty the version variable( var version = " ")
  5. Now in your file even if you try to get the version number ,you cant.

Note : Try to not use the vulnerable version.

Niruthiya Rathinavelu
  • 1