How can I put a jQuery function into my code behind?

Question

I have the jQuery function below (Show_popupWindows) :

    $(function () {
                        var popupWindows_Done = $('input[type="hidden"]#hfpopupWindows_Done').val();
                        if (popupWindows_Done == "false") {
                            Show_popupWindows();
                        }
                        else {
                        }
    });    //End Of $(function ()
    //>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
                function Show_popupWindows() {
                    var x = screen.availWidth;
                    //alert(x);
                    $('div#OffDiv').css({ 'width': x });
                    //alert($('div#OffDivAndLoadingContainer').css('width'));
                    var y = screen.availHeight;
                    //alert(y);
                    $('div#OffDiv').css({ 'height': y });
                    //alert($('div#OffDivAndLoadingContainer').css('height'));

                    //alert('On');
                    $('div#OffDiv').css({ 'display': 'block' });
                    $('div#TimerContainer').css({ 'display': 'block' });

                    var w1 = window.open('http://www.blablabla.com', '_blank', 'channelmode=no,directories=yes,location=no,resizable=yes,titlebar=yes,menubar=no,toolbar=no,scrollbars=yes,status=yes', false);
                    var w2 = window.open('http://www.blablabla.com', '_blank', 'channelmode=no,directories=yes,location=no,resizable=yes,titlebar=yes,menubar=no,toolbar=no,scrollbars=yes,status=yes', false);
                    window.focus();

                    var sec = $('#TimerContainer span').text()
                    var timer = setInterval(function () {
                        $('#TimerContainer span').text(--sec);
                        if (sec == 0) {
                            clearInterval(timer);
                            $('div#OffDiv').css({ 'display': 'none' });
                            $('div#TimerContainer').css({ 'display': 'none' });
                        }
                    }, 1000);

                    var watchClose = setInterval(function () {
                        try {
                            if (w1.closed || w2.closed) {
                                clearTimeout(watchClose);
                                clearInterval(timer);
                                DoNotClosePoPupWindowDuringTimer();
                            }
                        }
                        catch (e) {
                        }
                    }, 200);
                }
    //>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

how can I put this function into my code behind, so nobody can change this function by editing aspx file.

I tried the method below in code behind :

private static StringBuilder Create_ShowpopupWindows_Function()
{
    StringBuilder sb = new StringBuilder();
    sb.Append("var x = screen.availWidth;");
    sb.Append("//alert(x);");
    sb.Append("$('div#OffDiv').css({ 'width': x });");
    sb.Append("//alert($('div#OffDivAndLoadingContainer').css('width'));");
    sb.Append("var y = screen.availHeight;");
    sb.Append("//alert(y);");
    sb.Append("$('div#OffDiv').css({ 'height': y });");
    sb.Append("//alert($('div#OffDivAndLoadingContainer').css('height'));");

    sb.Append("//alert('On');");
    sb.Append("$('div#OffDiv').css({ 'display': 'block' });");
    sb.Append("$('div#TimerContainer').css({ 'display': 'block' });");

    sb.Append("var w1 = window.open('http://www.almasafzar.com', '_blank', 'channelmode=no,directories=yes,location=no,resizable=yes,titlebar=yes,menubar=no,toolbar=no,scrollbars=yes,status=yes', false);");
    sb.Append("var w2 = window.open('http://www.soscharge.com', '_blank', 'channelmode=no,directories=yes,location=no,resizable=yes,titlebar=yes,menubar=no,toolbar=no,scrollbars=yes,status=yes', false);");
    sb.Append("window.focus();");

    sb.Append("var sec = $('#TimerContainer span').text()");
    sb.Append("var timer = setInterval(function () {");
    sb.Append("$('#TimerContainer span').text(--sec);");
    sb.Append("if (sec == 0) {");
    sb.Append("clearInterval(timer);");
    sb.Append("$('div#OffDiv').css({ 'display': 'none' });");
    sb.Append("$('div#TimerContainer').css({ 'display': 'none' });");
    sb.Append("}");
    sb.Append("}, 1000);");

    sb.Append("var watchClose = setInterval(function () {");
    sb.Append("try {");
    sb.Append("if (w1.closed || w2.closed) {");
    sb.Append("clearTimeout(watchClose);");
    sb.Append("clearInterval(timer);");
    sb.Append("DoNotClosePoPupWindowDuringTimer();");
    sb.Append("}");
    sb.Append("}");
    sb.Append("catch (e) {");
    sb.Append("}");
    sb.Append("}, 200);");
    return sb;
}

but it does not work when I call it in page_load :

        protected void Page_Load(object sender, EventArgs e)
        {
            StringBuilder sb = Create_ShowpopupWindows_Function();
            ScriptManager.RegisterStartupScript(this, this.GetType(), "Show_popupWindows", sb.ToString(), true);
        }

Possible or not, you shouldn't mix client- and server-side code. Either way you can't prevent client-side code from being accessed (by definition.) — Evan Davis, Dec 29 '11 at 17:54
1. There is not reason to use a StringBuilder here 2. I don't really understand why putting it in code behind would prevent anyone from changing it. And what do you mean by that? The client running the page? 3. What exactly is not working? The script is not rendered at all? — Magnus, Dec 29 '11 at 17:56
where do you create your script manager? And you should probably also load jquery before you can do this. And you're going to want some script tags round your javascript. It probably easier to put the javascript in a different file and add that to your aspx file. Although this will still be accessible to everyone. — albertjan, Dec 29 '11 at 17:58
@the_ajp The script tags are added by `RegisterStartupScript` — Magnus, Dec 29 '11 at 17:59
@Magnus are you sure? see here: http://msdn.microsoft.com/en-us/library/asz8zsxy.aspx — albertjan, Dec 29 '11 at 18:03
@the_ajp Yes, since he is using http://msdn.microsoft.com/en-us/library/z9h4dk8y.aspx with `true` as the last parameter. — Magnus, Dec 29 '11 at 18:05
downvoter, give me a comment plz. some months ago i wrote a web site for one of my customers and he does n't pay for it.he has own vps with remote access.so i want to prevent him to edit that aspx file and changing that function.this is my reason for doing that. — SilverLight, Dec 29 '11 at 18:06
What exactly is not working? The script is not rendered at all? (it seems jqeury codes do n't work, but there is no problem about javascript codes) — SilverLight, Dec 29 '11 at 18:09
@SilverLight so the script _is_ rendered but Jquery is not working? Make sure that the jqure include is added before your code. — Magnus, Dec 29 '11 at 18:14
And you should probably also load jquery before you can do this. -> how can i load jquery from code behind? — SilverLight, Dec 29 '11 at 18:15
@SilverLight you dont need to do that from codebehind. Just make sure its at the top of the page, for example in the header. — Magnus, Dec 29 '11 at 18:17
@Magnus it's there. so what is wrong about my page_load codes? why jquery codes do n't work? — SilverLight, Dec 29 '11 at 18:20
@SilverLight hard to say, you do not for example have the function name: `function Show_popupWindows()` in the code behind part. — Magnus, Dec 29 '11 at 18:22
@Magnus i do n't have dup Show_popupWindows() in my code-behind! any other idea? — SilverLight, Dec 29 '11 at 18:33
You could "compress" your javascript js file and only supply the compressed version to the client, even though he can edit it, it would be more difficult - even after decompressing: http://yuilibrary.com/download/ — Harag, Dec 30 '11 at 10:51

score 5 · Answer 1 · answered Dec 29 '11 at 17:52

5

It's clientside code, so how are you going to prevent the user from being able to change it? It's not possible.

answered Dec 29 '11 at 17:52

diggingforfire

3,359
1
23
33

Code-Behind is server-side, jQuery is client-side. You don't put jQuery stuff on the server. – Matt H Dec 29 '11 at 17:54
1

Isn't that exactly what I'm saying? – diggingforfire Dec 29 '11 at 17:59
[shrug] I just morphed your answer/question into an answer/answer for clarity. – Matt H Dec 29 '11 at 18:00
That's fine, it just sounded like you were in disagreement, but emotion is a bit hard to detect in written text :-) – diggingforfire Dec 29 '11 at 18:08
Probably would have been better to put my comment in the original question, or write a new answer. Ironic, attempting to increase clarity and just muddying things up. :-P – Matt H Dec 29 '11 at 18:10
@diggingforfire i think you are wrong. we can do this job with script manager and registerstartupscript. but i do n't know what is wrong about my codes! it seems there is a problem about loading jquey library... – SilverLight Dec 29 '11 at 18:26
Your webserver will eventually serve a page containing HTML and javascript (and what else), the contents of the page will have been determined by your codebehind. This page eventually winds up being downloaded by someone, probably using their browser. Once it's in their browser, how are you going to prevent them from messing with it? You can't. – diggingforfire Dec 29 '11 at 18:36

score 2 · Answer 2 · answered Dec 29 '11 at 17:53

Any JavaScript that your page runs will be visible to your browser, and anyone who cares to right-click and view source. Trying to find tricky ways to get asp.net to inject the script cannot change that.

If you're worried about someone messing with the script and causing problems, then you have to take a fresh look at how you're validating things on the server side.

score 2 · Answer 3 · edited May 23 '17 at 10:08

2

jQuery is based on Javascript code, which is generally(and in this case) executed on the clients machine. This means there is no way you can prevent a user from changing the code.

There are some things you can do to deter them, like obfuscating & compressing it: How to obfuscate JS code

The more robust solution is to control whatever it is you're trying to protect from the server side.

edited May 23 '17 at 10:08

Community

1
1

answered Dec 29 '11 at 17:57

ankit

3,328
3
26
39

Might I add that javascript isn't necessarily executed on the client (even though it mostly is). See Node.js for example. – diggingforfire Dec 29 '11 at 18:01
thanks guys for answer and comments. obfuscating is a good way. but i want to learn how fix that isuue! – SilverLight Dec 29 '11 at 18:28
Should your site be so critically dependent on this script? What if they block javascript altogether? (for instance with NoScript) – diggingforfire Dec 29 '11 at 18:39

Magnus · Accepted Answer · 2011-12-30T10:24:09.180

2

Instead of creating the script using StringBuilder in code behind to avoid the customer (taking that from your comments on your question) to manipulate the script you can embed the script file in the assembly file.

Right click on the script and selected buid action: Embedded Resource.
Add the script location to the assembly info file:
[assembly: System.Web.UI.WebResource("SomeFolder.myJavascript.js", "text/js")]
Include the script on the page:

string scriptLocation = Page.ClientScript.GetWebResourceUrl(this.GetType(), "SomeFolder.myJavascript.js"); Page.ClientScript.RegisterClientScriptInclude("SomeFolder.myJavascript.js", scriptLocation);

edited Dec 30 '11 at 10:24

answered Dec 29 '11 at 18:32

Magnus

45,362
8
80
118

1

How is that going to prevent the code from executing on the client? – diggingforfire Dec 29 '11 at 18:43
@Magnus : thanks for answer. Right click on the script -> where is that script? is it an external file or that script inside code behind or that script inside aspx page! – SilverLight Dec 29 '11 at 18:45
@diggingforfire From what I understand reading the comments on the question the op just wants to avoid the customer (to whom the code is deployed) from being able to change the script. If the script is directly in the aspx page, this would be possible. If the script is embedded into the assembly this would be much harder (but not impossible) – Magnus Dec 29 '11 at 18:48
@SilverLight You would have to put all the script that you want to "protect" in .js files and mark them as embedded Resources. – Magnus Dec 29 '11 at 18:49
I don't have too much ASP.NET knowledge, but how will it end up on the client differently? It will still end up in the HTML or linked to somehow. But all that aside, it sounds like security through obscurity to me. – diggingforfire Dec 29 '11 at 18:52
@Magnus ok i found it. after "left" click on js file there is a BuildAction property.you can change it to Embedded Resource. – SilverLight Dec 29 '11 at 18:55
@diggingforfire yep you are correct, it'll end up at the client the same way. He just wants to "protect" the source files. So this is not a security issue at the client but more of an crude access restriction at the server (from the one operating the server) if I've understood it correctly. – Magnus Dec 29 '11 at 18:56

How can I put a jQuery function into my code behind?

4 Answers4