如何防止更改 Javascript 中的变量值
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13064901/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to prevent the changing of a variable value in Javascript
提问by Tschallacka
Possible Duplicate:
Are there constants in Javascript?
可能的重复:
Javascript 中有常量吗?
Is there a way to declare a static of final value in javascript so that it cannot be altered by a 3rd party?
有没有办法在javascript中声明一个静态的最终值,这样第三方就不能改变它?
What I have is a article sharing application, with free users being ad supported. What I wish to do is prevent the free users from altering the innerHTML content by altering the storage variable for the content.
我拥有的是一个文章共享应用程序,免费用户受到广告支持。我希望做的是通过更改内容的存储变量来防止免费用户更改innerHTML 内容。
What I have at this moment is a timer that reloads the innerHTML of the article on user website every 5 seconds and I'm storing the value for the reload in a variable.
我现在拥有的是一个计时器,它每 5 秒重新加载用户网站上文章的 innerHTML,我将重新加载的值存储在一个变量中。
However, if a genius using jsbeatify explores which variable holds the key to removing the ad and alters that, we lose revenue and exposure of our products.
然而,如果使用 jsbeatify 的天才探索哪个变量是移除广告的关键并改变它,我们就会失去收入和产品的曝光率。
How to prevent the altering of the internal variable?
如何防止改变内部变量?
UPDATE
更新
This is the end result of what I came up with:
这是我想出的最终结果:
<div id="specialdiv"></div>
<input type="button" value="try to change the function i to do something different" onclick="t.i = function(){alert(data.secret);}"><BR>
<input type="button" value="set function to null out of spite" onclick="t=null;">
<script type="text/javascript">
e = function(){var data = { };
Object.defineProperty(data, 'secret', {
value: "Hello world!",
writable : false,
enumerable : true,
configurable : false
});this.z=function(){window.setTimeout("try{document.getElementById('specialdiv').innerHTML = '"+data.secret+"';t.i.z();}catch(err) {document.body.innerHTML=err;}",5000);}}
g = function(){};
g.prototype = new e();e=null;window.t = {}
Object.defineProperty(window.t, 'i', {
value: new g(),
writable : false,
enumerable : false,
configurable : false });g = null;
window.t = Object.freeze(window.t); t = Object.seal(window.t);
t.i.z();
</script>
This will be presented in packed format, just to make it harder just to copy the code out of the source. This way the effort to simply copy and paste the code out will be maximized and will be very hard to automate.
这将以打包格式呈现,只是为了使从源代码中复制代码变得更加困难。这样,简单地复制和粘贴代码的工作将被最大化,并且将很难自动化。
Thank you all for your answers.
谢谢大家的答案。
回答by jAndy
Yes, there is. At least for object properties, ES5 gave us the possiblity to alter the property descriptorflags by hand. So we can do that like
就在这里。至少对于对象属性,ES5 给了我们手动更改属性描述符标志的可能性。所以我们可以这样做
var data = { };
Object.defineProperty(data, 'secret', {
value: 42,
writable : false,
enumerable : true,
configurable : false
});
That way, we created a property secretwith the value 42within data, which cannot get modfied nor deleted.
通过这种方式,我们创建了一个属性secret与值42内data,不能获得modfied也不能删除。
The caveat here is, that the genius(like you called it) will also be able to spot this code and just modify that, to again be able to change the content if he wishes to. You just can'tcreate a secured front-end javascript in that way. The code will always be available as plain-text for everybody.
这里的警告是,天才(就像你所说的那样)也能够发现这段代码并修改它,如果他愿意的话,再次能够更改内容。您无法以这种方式创建安全的前端 javascript。该代码将始终以纯文本形式提供给所有人。
To make this more complete, you can also create an object and freezeit at some point, using Object.freeze()and/or Object.seal()to shutdown the option for enumerating, deletingand modifyingon properties of an object.
为了使这更完整,您还freeze可以在某个时候创建一个对象和它,使用Object.freeze()和/或Object.seal()关闭用于枚举、删除和修改对象属性的选项。
But again the word of caution: This is intended to affect your own code or foreign code, to prevent modifications by accident or on purpose at run time. There is no way to stop a developer since he can simply haltthe execution of your script, before this even can take affect.
但再次提醒:这是为了影响您自己的代码或外部代码,以防止在运行时意外或故意修改。没有办法阻止开发人员,因为他可以在脚本生效之前简单地停止脚本的执行。
