0

I need to check on disabling JavaScript if the user disabled JavaScript from browser or firewall or any other place he will never show the form. I have lots of search and solutions, but unfortunately didn't got the right one. - Using style with no-script tag: This one could be broke with removing style...

<noscript>
<style type="text/css">
.HideClass {
display:none;
}
</style>
</noscript>


The past code will work just fine but there is lots of problems in no-script tag as here

Beside that i don't want to redirect user with no-script tag too...Beside that i can quickly stop loading the page to broke this meta or disable Meta tag from IE:
<meta http-equiv="refresh" content="0; URL=Frm_JavaScriptDisable.aspx" />

Another way to redirect user with JavaScript but this will work let's say for 99% of users and this one isn't lovely way and will slow down the website...
window.location="http://www.location.com/page.aspx";

Is there is any other ideas or suggestions to secure working with JavaScript...and prevent user from entering the website or see my form except when JavaScript enabled...

Improve this question
9
  • Read this: stackoverflow.com/questions/121203/… Commented Oct 20, 2013 at 13:54
  • 4
    Can't you do it the other way around? Hide it for everyone, then use Javascript to show it. Commented Oct 20, 2013 at 13:54
  • If i want to break down the website its easy to know first what you are doing to show with style then i disable JS and re-enter the website and put style with my own hand. Beside that i would prefer if there is a way other than styling because it's easily broken. Commented Oct 20, 2013 at 13:59
  • 1
    you could use ajax call to fetch and display your form which will work only when javascript is enabled. Commented Oct 20, 2013 at 13:59
  • Thank you @Biker for help but unfortunately there is a problem if the user disabled the cookie but enabled the JS then this suggest will not work fine... Commented Oct 20, 2013 at 14:22

2 Answers 2

Reset to default
2

It sounds like you are relying on javascript for security in some way (based on the security tag and your descriptions of various work-arounds that the client could do to bypass your scheme).

This isn't a good idea - you cannot rely on the client executing your javascript correctly, even if it is enabled. A sophisticated user can send any http method they like to your webserver, regardless of what you serve them. They can also pretend to be any client, with any capabilities (script, noscript, etc) and you can not reliably tell whether their reported capabilities are accurate.

So, make it usable/attractive, and don't worry that advanced users might be able to bypass your scheme - make sure your website is secure no matter what requests come from the client.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

If your talking were really true then try to disable Cookie or disable JavaScript or even both and you will not be able to login to Hotmail hotmail.com for example... I just need to show up my website just like this... no one can access some pages except if he enables JS and Cookies...
What you are trying to do is not possible. Don't try to use javascript for security. Use an approach such as the one suggested by John below which will work for users that aren't trying to bypass it.
0

Something like that using jQuery:

EXAMPLE 1:

<div id='form_placeholder'></div>

<script type='text/javascript'>

var form='<form><input type="text" name="cat"/><input type="submit" value="submit" name="submit"/></form>';

$(document).ready(function(){

    $('#form_placeholder').html(form);

});

</script>

If javascript is enabled script should show the form.

OR simply

EXAMPLE 2:

<div id='form_placeholder' style='display:none'>
<form>
<input type="text" name="cat"/>
<input type="submit" value="submit" name="submit"/>
</form>
</div>

<script type='text/javascript'>

 $(document).ready(function(){

        $('#form_placeholder').show();

    });

</script>
Improve this answer

6 Comments

Thank you for help, unfortunately I'm trying to avoid any use of styling because it's easily broken with any intermediate user not even professional if he just remove style part then he is able to see everything.
My first solution here is not using any styles. Just like @Michael said, you cannot expect any security with javascript. It is a client side language, that means its contents can be seen and manipulated by user. In this case all you can do is some hacks like you see in my example. If you want to prevent access to unregistered users use server side language in combination with sessions.
Yes @Biker i know about security fail in user's browser. Just want maximum secure for me and about style I'm talking about your part in <div id='form_placeholder' style='display:none'> Beside that my comment on @Michael about tray out in Hotmail they succeed to do my wishes... Then how?
There are two examples in my post. First one does not use style. It generates the html and puts it inside the desired div placeholder. As for the hotmail, im not sure, but i assume they probably use a similar method.
About first part this is Great! But this means that i should put all my work inside this script tag then if JS enabled it will show up other else it will not show up... Am i right?
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.