0

I have web page with such javascript:

<script>
window.onblur = function(){
    alert("Don't leave this page");
    document.location.href = "show_results.php";
}
var sec = 15;
tim = function(){
    sec--;
    document.getElementById("mytimer").innerHTML=sec;
    if(!sec) document.location.href = "show_results.php";
}
stop_timer=function(){
    clearInterval(timer);
}
start_timer=function(){
    timer = window.setInterval(tim,1000);
}
</script>

So I allow to watch my page for 15 seconds and I disallow to leave it, but for example, using Tampermonkey, users can redefine my functions. They can write something like:

window.onblur = function(){}
function f(){
    sec=16;
    setTimeout(f,1000);
}
f();

After that timer breaks and users can leave page. How to protect my page from such actions?

P.S.: This page is a quiz and I don't want to allow users to search a correct answer via Internet.

aangairbender
  • 1
  • 1
  • 2
    That seems so annoying, that it's suprising that anyone would visit your site at all? The short answer is, you can't prevent the user from leaving anyway, so why be annoying and try with silly alerts. – adeneo Mar 13 '16 at 18:50
  • That's just an example. That could be onclick for some button, instead of onblur for window. – aangairbender Mar 13 '16 at 18:55
  • 1
    There's nothing you can do to prevent users from disabling or modifying your scripts. The scripts are running on their computer and they have full control over them. – JJJ Mar 13 '16 at 18:56
  • `addEventListener` is there so that event listeners won't be overwritten and can only be removed using `removeEventListener` with the function used as listener. But this will only protect your code agains conflicts with other scripts. `[...] This page is a quiz and I don't want to allow users to search a correct answer via Internet.[...]` there is not way to prevent this. – t.niese Mar 13 '16 at 18:59

0 Answers0