3

Is there a way to verify that the user changed the jQuery/JavaScript with Firebug during the use of client-side page?

Chris
  • 44,602
  • 16
  • 137
  • 156
FredB
  • 53
  • 5

3 Answers3

4

No, there is no way to verify this.

When it comes to input from the browser, you should always verify and validate. Never trust the client.

Oded
  • 489,969
  • 99
  • 883
  • 1,009
  • Too bad, it seems that with the passing years, there is something missing. – FredB Sep 19 '12 at 11:06
  • @achat.net - Something missing? The advice is not new. – Oded Sep 19 '12 at 11:08
  • Not the advice, the possibility to control is missing ! probably my english. – FredB Sep 19 '12 at 12:03
  • @achat.net - But that possibility was never there. As soon as the process runs on a different machine, it is out of your control (assuming you don't control the other machine). – Oded Sep 19 '12 at 12:25
1

No. The client is fundamentally unsafe and belongs to the user, not you.

spender
  • 117,338
  • 33
  • 229
  • 351
0

Short answer it doesn't matter.
Long answer:
It matters if you are treating the JavaScript as part of your application structure, similar to how a SQL injection attack does bad things to your system. You should validate that anything that gets passed from the client is sanitized before being stored. The interesting attack vector here is if you allow me to persist elements into the structure of the web page and retrieve them at a later time. You have opened the doors to a reflected XSS attack (one of my favorites). This is indicative of a failure to sanitize user input and/or a failure to separate concerns UI from the system level code.

Woot4Moo
  • 23,987
  • 16
  • 94
  • 151