-1

I want to hide the source of JS from direct access. So I thought to produce a disposable JS file. I use a temporary session cookie. The cookie is set before including JS file and expires then.

rather than the idea itself, my exact question is that how a browser manipulate the JS file? Does it cache a copy of JS file as soon as we write <script> tag or the script tag is just a reference and the browser should have access to JS file all times?

sample asp source:

<html>
  <body>
    <% response.cookies("tempJs")="yes"%>
    <script src="myscripts.asp"></script>
    <% response.cookies("tempJS")="no"%>
  </body>
</html>

Sample disposable JavaScript (myscripts.asp):

<%
response.ContentType="text/javascript"
if request.cookies("tempJs")="yes" then
%>
    document.write ("Hello world");
<%
end if
%>
Bergi
  • 630,263
  • 148
  • 957
  • 1,375
Ali Sheikhpour
  • 10,475
  • 5
  • 41
  • 82
  • 3
    `I want to hide the .source of JS from direct access. ` not possible, even if you remove the script tag, from dev tools network your code is visible.. The best you can do is uglyfy your js, or have important logic server side. – Keith Apr 21 '18 at 12:21
  • "So I thought to produce a disposable JS file. I use a temporary session cookie. The cookie is set before including JS file and expires then." - what does this mean? – Parv Sharma Apr 21 '18 at 12:23
  • Please check the sample codes. I have a temporary cookie before – Ali Sheikhpour Apr 21 '18 at 12:26
  • @AliSheikhpour That's not possible. The cookies are sent before the document body, and you cannot send two different values for the same cookie. – Bergi Apr 21 '18 at 12:34
  • @AliSheikhpour What you could do is a cookie that expires immediately. – Bergi Apr 21 '18 at 12:34

1 Answers1

1

My answer is not the answer to the question you have asked but is probably still what you are looking for.

You need to understand the difference between scripts being executed on the server side and the scripts being executed on the client side.
Javascript executes on the client side so anything written between <%%> tags have no effect ones the js has been given in response.

So what you are essentially doing is.

  • Setting a variable yes then
  • Adding the <script></script> tag to your response and then
  • Setting the variable false.
  • After this response is sent back so the value of the variable still is no. The value of the variable is sent back with the response as a Cookie.
  • Now the browser parses the HTML.
  • Sees the tag and requests for myscripts.asp Having the value no set in the cookie which is added to the request.
  • Server sees the value of the cookie as no and renders the script accordingly. Which is your case is without the line document.write ("Hello world");(This is probably the reason you are asking about the caching issues. It is not getting cached.)
Parv Sharma
  • 12,581
  • 4
  • 48
  • 80
  • Thank you. I voted up to your answer for useful details. But as you said the main question is about browser itself. I understood that my idea will not work however I can ask the question again with some other ideas. Besides are you sure that the browser call for external files after page load? or calls them line by line and finally presents a static output file? – Ali Sheikhpour Apr 21 '18 at 13:22
  • No Matter how broser does it Line by Line or after page load the result will be the same, anything inside <%%> dosent even reach browser – Parv Sharma Apr 21 '18 at 19:58