Ever wonderd, how can you hide the JavaScript from the user?? Or is there a way that you can run dynamic JS code on the client. Well, there is a way, where you can hide the script from getting viewed in the source and getting saved in the cache files on the client.
What we need to do is, append a new script, dynamically generated, to the document. And set its content to what we recieve from the server by making a server call. Here is how we do. Though for demo, i am not making any AJAX call, you can easily replace the string with the response from server.
Step 1: Get the script text, and initialize it to a variable.
Step 2: Create a new script element.
Step 3: Append the script code to script object and attach it to DOM.
Here is an example. Try clicking "Execute Dynamic Script" before "Load Script" it should give a script error. Now try it after clicking "Load Script" it should work :)
Here is the Full Code to make this work -
PS: You see, this can only help you not show in the browser, as in, when the user does the view source or checks for browser cache it wont show up. But still there are ways to get the dynamic text, by reading the DOM currently present in the browser, and say by snooping in on whatever is coming from the browser.
PPS: But then a normal user is not so inclined to do that, so you can rest assured that it remains safe from more than 60% of the users.
PPS II: Cheers :)
What we need to do is, append a new script, dynamically generated, to the document. And set its content to what we recieve from the server by making a server call. Here is how we do. Though for demo, i am not making any AJAX call, you can easily replace the string with the response from server.
Step 1: Get the script text, and initialize it to a variable.
var ScriptText = "function ExecuteDynamicScript() { alert('This is Dynamic Script'); }"Step 2: Create a new script element.
var ScriptObj = document.createElement('script');
ScriptObj.type = 'text/javascript';Step 3: Append the script code to script object and attach it to DOM.
ScriptObj.text = ScriptText;
document.getElementsByTagName('head')[0].appendChild(scriptObj);Here is an example. Try clicking "Execute Dynamic Script" before "Load Script" it should give a script error. Now try it after clicking "Load Script" it should work :)
Here is the Full Code to make this work -
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/javascript">
function loadScript()
{
var ScriptText = "function ExecuteDynamicScript() { alert('This is Dynamic Script'); }";
var scriptObj = document.createElement('script');
scriptObj.type = 'text/javascript';
scriptObj.text = ScriptText;
document.getElementsByTagName('head')[0].appendChild(scriptObj);
}
</script>
</head>
<body>
<center>
<input type="button" onclick="loadScript();" value="Load Script"/>
<input type="button" onclick="ExecuteDynamicScript();" value="Execute Dynamic Script" />
</center>
</body>
</html>PS: You see, this can only help you not show in the browser, as in, when the user does the view source or checks for browser cache it wont show up. But still there are ways to get the dynamic text, by reading the DOM currently present in the browser, and say by snooping in on whatever is coming from the browser.
PPS: But then a normal user is not so inclined to do that, so you can rest assured that it remains safe from more than 60% of the users.
PPS II: Cheers :)