Re: Decoding html pages
- From: Spamless <Spamless@xxxxxxx>
- Date: 25 Oct 2008 18:01:53 GMT
On 2008-10-25, Gregor Kofler <usenet@xxxxxxxxxxxxxxx> wrote:
Spamless meinte:
[lenghty explanation snipped]
You never see the raw index.html *file* with its embedded PHP code but only
the HTML code that the PHP engine produces *from* the raw html code and that
returned HTML code depends on the current state/session data. This is all
done server side and the visitor does not see the server-side state data
which determines which page he/she gets.
So what? That's the case with practically any PHP "page" (or any by a
server-side script generated page for that matter).
True, but this is a Javascript group and at least the person who saw the
original file knew some Javascript but apparently did not recognize how the
embedded PHP code works. It was intended to be an elementary explanation.
The closedsource code presented at
http://code.google.com/p/turbojs/wiki/ClosedSourceJS
was simply to prevent one from getting the *.js file except when the "proper
page" is loaded, to prevent someone from just harvesting *.js files (and if
they try, to be able to give them bogus script and they may not realize that
it isn't the real code used).
Of course the script does load, when you load the proper page (else it would
be pointless) and you do have it - somewhere - in your browser's cache, for
example though the "[script src ...]" might have been removed from the page
using the DOM and does not appear in firebug so you don't have the file name
- but ... in firefox, View|Page_Source still shows that inclusion and the
file name for searching the cache.
Tell someone that the ineteresting script is at
http://someplace.com/interesting.js
and they attempt to get it without knowing a page URL which can/must be used
actually to get the code and they may find a totally different script.
If you know that you have to load a particular HTML page to get a particular
script, you can load the HTML page to get the script (or have to load a
particular image or have seen a particular ad or ...) you can do it. It does
put limits (of which the remove visitor is unaware) on how/when a particular
script can be accessed.
.
- References:
- Decoding html pages
- From: Santander
- Re: Decoding html pages
- From: Spamless
- Re: Decoding html pages
- From: Santander
- Re: Decoding html pages
- From: Gregor Kofler
- Re: Decoding html pages
- From: Santander
- Re: Decoding html pages
- From: Spamless
- Re: Decoding html pages
- From: Spamless
- Re: Decoding html pages
- From: Gregor Kofler
- Decoding html pages
- Prev by Date: Re: FAQ 5.40, Ajax and GET
- Next by Date: Re: Advanced Core Javascript
- Previous by thread: Re: Decoding html pages
- Next by thread: Do people think this is logical behavior from the string split method ?
- Index(es):
Relevant Pages
|
