-2

Is it possible to hide the attributes of a HTML tag? Suppose I have this code:

<div class="test"></div>

When someone use inspect elements on my website, they can only see this:

<div></div>

The reason why I want to do that is this: I'm building a Web Application for my assigment at college, using Java as back-end language (I'm using Spring MVC Framework). I try to send a request and receive response without reload the entire page, and I found an example of using AJAX like this:

<button class="btn btn-success btn-lg" onclick="$.post('/waiter/order/2/menu?product=Crown%20Royale')">Crown Royale</button>

As you can see, the information of the request call is shown in HTML, and I want to hide it to keep the privacy of my Website.

John
  • 17
  • 1
  • 7
  • 3
    No you cannot hide anything – Hearner Jun 01 '18 at 12:28
  • 1
    Why would you do that ? – Martin Jun 01 '18 at 12:28
  • Negative | https://stackoverflow.com/questions/18271868/can-i-hide-the-html-source-code-from-the-browser-view-source – Amnesh Goel Jun 01 '18 at 12:30
  • 2
    Short answer: no. But more importantly... Why on Earth do you think you would *want* to do this? What actual problem are you hoping to solve? – David Jun 01 '18 at 12:37
  • @David I know people who learned to program in JavaScript, HTML and CSS and literally do everything in it, no matter how insecure it is. I've seen passwords and keys for paypal accounts just lying around in JavaScript files for webshops with hundreds of transactions each day. I hope for OP that this isn't the case, but there are people who literally don't know better. – Loek Jun 01 '18 at 12:42
  • Check the edited question guys. Thank you for your help. – John Jun 01 '18 at 12:44
  • 1
    @John: The answer is still a resounding "no" because, well, you can't prevent the browser from knowing what you want it to do. It can't make a request without knowing the address to request. What do you mean by "keep the privacy of my website"? Continue to step back from what you *think* the solution is and focus on what the *problem* is. What are you actually trying to *protect* here? – David Jun 01 '18 at 12:50
  • Yup. I think i've just gone on the wrong way. Thank you for pointing me my real problem. – John Jun 01 '18 at 13:05

2 Answers2

3

No. Everything you send to the client, they will be able to see (and even change).

That's why serverside validation of forms is so important for example. Users can just turn off the required attribute and submit the form. If you don't have validation in place, your code will error.

Loek
  • 4,037
  • 19
  • 35
  • Yeah, I've edited the question to add the reason why I want to do that. Please check it again. Thank you. – John Jun 01 '18 at 12:49
  • Yeah this is just simply something you're going to have to live with. You can try to come up with a smart way to prevent your users from knowing what your URL does, but the better way is to add CSRF and throttling. URLs (and HTML and CSS and JS) are always public, and eventually somebody is going to abuse them. It's your job to make sure the back-end is robust enough to deal with that abuse. – Loek Jun 01 '18 at 12:51
  • Thank you. I have no idea what you've mentioned, cause I just have been learning Web for 5 months. Thank you for showing me the way. – John Jun 01 '18 at 13:00
  • No problem! Just start small, build a good basis and build from there. You'll get there! – Loek Jun 01 '18 at 13:01
0

You can't. The browser needs those tags and classes to show your webpage, and if your browser has them it won't make them private towards the end-user.

Jorge.V
  • 1,329
  • 1
  • 13
  • 19