0

I have noticed that it doesn't, but I am not completely sure. I think that once it loads, the code that is stored in memory is the one that will run - changing what is displayed won't affect what will eventually run.

So, is the code I am eventually sending to someone going to be the one that is going to run? Or could they possibly change it somehow?

I have googled this question a few times and can't find a clear answer somewhere.

Here is the "code" I used.

<!DOCTYPE html>

<html>


<head>

    <script>
        function foo() {
                alert("Foo: The button was clicked!");
        }   
    </script>

</head>


<body>
<input type="button" onclick="foo()" value="OK!">
</body>


</html>
Theo Stefou
  • 389
  • 2
  • 16
  • What do you mean by "*code I am eventually sending to someone*"? – Bergi Apr 08 '18 at 13:03
  • Me, as a server, the code that I will send to the client. – Theo Stefou Apr 08 '18 at 13:05
  • If you send someone code and ask them to run it, you can never be sure that they don't modify the code before running it, or even mess with it using a debugger while it's running, or don't run it at all because they don't like to. You can only be sure when you control the whole machine - which luckily is not the case for client-side javascript sent to browsers. – Bergi Apr 08 '18 at 13:06
  • If you're worried about security and the integrity of the code being run, don't. You should assume that clients can do what they want with your code and change/run it however they want. – Hugo Mota Apr 08 '18 at 13:08
  • @Bergi So, checking for input mistakes from the user in my javascript code is not going to protect my page, right? For example when making http requests with ajax – Theo Stefou Apr 08 '18 at 13:08
  • Validation/security code should always exist on server. When you put it in javascript on the clients, all you doing is helping the users to validate fast or better, you're not really improving security. Client code exists to provide a better user experience. Since the clients are in total control of the code, you cannot expect any kind of ensurance from it. – Hugo Mota Apr 08 '18 at 13:13
  • @TheoStefou Yes, it's not protecting your page. Everyone can make arbitrary http requests to your server. If you want to guard the server against invalid values, your server (that you control completely, or is controlled by someone you trust to do your bidding) must do the validation. – Bergi Apr 08 '18 at 13:18

1 Answers1

0

Javascript files are loaded once and interpreted by browser at that time. It means they execute just once. So editing code will not have effect in general. But for the pieces of code that executes on some event or executed periodically it will have effect, but just until page is refreshed. So for debugging purposes it's okay to change code, yet those changes won't persist long.

Mirko Acimovic
  • 508
  • 2
  • 9
  • Are you sure about that last one? Because I added an alert in a function that is called on a button click and it didn't execute. Am I missing something? @Mirko Acimovic – Theo Stefou Apr 08 '18 at 12:54
  • This way not at least I wasn't able to edit file. I guess I was wrong. – Mirko Acimovic Apr 08 '18 at 13:17