PHP 文件输出 javascript 以包含为 JS 文件 - 需要限制,使其不会在浏览器窗口中打开
我将配置详细信息存储在数据库中,我需要在 javascript 中使用该数据库。我使用 php 访问所有这些内容,而不是将所有详细信息输出到主页上的内联 javascript 代码中,而是创建了一个输出内容类型 javascript 的 php 文件,并在我的主页中将其作为外部 javascript 文件引用。
我想对其进行设置,以便无法在浏览器窗口中查看它,即:
<script type="text/javascript" src="phpFileThatDoesJS.php" ></script>
应该可以工作,但在浏览器中输入 www.mysite.com/phpFileThatDoesJS.php 不应该
编辑 === =======
问题是我必须编辑一个脚本,由于某些奇怪的原因,该脚本将用户的用户名和密码存储在 javascript 对象中并将其输出到脚本标记中。我必须对其进行设置,以便通过简单的查看源操作无法查看它。这就是为什么我想将它作为外部 javascript 来引用。
有没有我可以使用的 htaccess 技巧?
I'm storing configuration details in a database which I need to use in javascript. I'm accessing all this using php and instead of outputting all the details into inline javascript code on the main page I've instead created a php file that outputs content type javascript and refernce it in my main page as an external javascript file.
I want to set it up so that it can't be viewed in a browser window i.e :
<script type="text/javascript" src="phpFileThatDoesJS.php" ></script>
should work but typing www.mysite.com/phpFileThatDoesJS.php in the browser shouldn't
EDIT ==========
The thing is that I have to edit a script that for some oddball reason stores the username and password of a user in a javascript Object and outputs it within script tags. I have to set it up so that this is not viewable by a simple view source action. Thats why I thought of referencing it as an external javascript.
Isnt there any htaccess tricks that I could use?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我知道的唯一方法(但不可靠)是检查 HTTP Referer 标头。除此之外,浏览器通过
此外,您确实意识到用户仍然能够查看/访问源代码。
-- 回答您更新的问题 ------
不。如果将其发送到浏览器,最终用户就可以访问它。
-- 进一步回答您更新的问题 -----
真的,我一定想知道为什么您想在 Javascript 中存储用户的用户名/密码。您是否计划将其与 Javascript 一起实际使用,就像将其发送到远程站点一样?或者您计划通过表单或 Ajax 风格的请求发送回服务器?
如果您打算将其发送回服务器,为什么不使用会话变量呢?
The only way I know of, and it isn't reliable, is to check the HTTP Referer header. Other than that, there isn't a difference between a browser requesting the resource through a
<script>tag and a user browsing to it directly.Additionally, you do realize that the user will still be able to see/access the source code.
-- Answer to your updated question ------
Nope. If you send it to the browser, the end user can access it.
-- Further answering your updated question -----
Really I must wonder why you are wanting to store the username/password of a user in Javascript. Is this something you plan on actually using with Javascript as in sending it to a remote site? Or is it something you plan on sending back to the server through a form or an Ajax style of request?
If you plan on sending it back to the server, why not use Session variables?
在输出开始之前,您是否在 php 文件中将内容类型指定为
application/javascript喜欢
——更新
如果您使用 js,那么它对用户是可见的。你无法隐藏 js 脚本中的内容。
关于 htaccess 您可以使用 .htaccess 将 .php 更改为 .js
尝试
然后您可以调用相同的文件,例如
did you gave the content type as
application/javascriptin the php file before the output startslike
-- update
If you are using the js then it is visible to the user. you cannot hide what is in the js script.
and about htaccess you can change the .php to .js using .htaccess
try
then u can call the same file like