Changing the function assinged to an event of a HTML form field by javascript

Question

I am pretty new in Javascript, so I apologize if my question looks insane. Imagine that I added an eventListener to an input field:

<input type="password" name="password" id="password"  onkeyup="func1()">

Where func1 has been defined in a source file called js_funcs.js and added as

<script type="text/javascript" src="js_funcs.js"></script>

My questions are:

Can a user define a new function func2 in the browser console and assign it to onkeyup attribute of the password field to remove the limitations imposed by func1?

if yes: how to prevent it?

How if I add it using arrow function js_funcs.js file as the following in:

const password=document.getElementById('password');
password.addEventListener('keyup', ()=>{
// doing something.
})

Everything is checked in the backend to prevent any attack, but I want to know if it is possible to remove the limitation imposed by javascript in the frontend and how to prevent it.

The browser belongs to the visitor, not to the website developer. It is completely under the control of the visitor. The visitor can make any HTTP request they like to your server. Any client-side validation routines you put in place are purely for the convenience of the user. They are worthless as security measures. — Quentin, Aug 11 '22 at 16:35

Changing the function assinged to an event of a HTML form field by javascript

0 Answers0