开发者

Javascript ouside public_html?

开发者 https://www.devze.com 2023-01-20 17:32 出处:网络
I开发者_运维技巧s there any way/reason to keep your js/jQuery ouside public_html? Are there security benefits?All javascript is readable no matter where you put it on your server. The best you can do

I开发者_运维技巧s there any way/reason to keep your js/jQuery ouside public_html? Are there security benefits?


All javascript is readable no matter where you put it on your server. The best you can do is obfuscate it:

How can I obfuscate (protect) JavaScript?

Plus, jQuery is open source, so there is no benefit of storing it any place in particular.


JavaScript is code that is executed by your visitor's browsers so it must be public. It is good practice to compress your JavaScript code because it will require less bandwidth to transfer and it will make it harder for other to read it (i.e. figure out how to exploit it). Yahoo offers a free JavaScript compressor.


Is there any reasons to keep your JavaScript outside public_html?

  • It allows for a more optimized server-side and client-side caching of the resources.
  • It allows for a more parallelized download of the resources from the server by the client.
  • It makes it easier for you to separate your UI's presentational layer (your HTML code) from its controls and logic layer (your JavaScript code), which also means:
    • It makes it easier for you to manage.
    • It's easier to share across your team (you won't have designers and developers working on the same pieces of code, and you separate functionalities in smaller resources (even if you compile them together for a production server).
    • As a result of this, the design of your JS code will most probably be more prone to testability.
  • It also allows you to not load some bits and pieces you may not need all the time. It thus also facilitates code reuse for some of these bits when they're needed somewhere else, without having to duplicate them in other huge files of stuff put together.

Is there any ways to keep your JavaScript outside public_html?

Sure. Just put the code in a external JS files and inject them normally using script tags. Or inline them with your build script or template engine. Be sure to decouple your HTML from your JS (no ugly JS injected directly with on<something>=javascript:doThisOrThat() in your tags) and to use more standard and robust methods instead (use a system compliant with the W3C DOM Level 2 Event model. jQuery is very practical for this anyway, as it's designed with progressive enhancement in mind).

Are there security benefits?

Short answer: no. But you have a clear increase in code quality, which would be easily relating to your overall security. But having your JS within the same file is not a security flaw. If what you meant is that you're concerned about your JS code being visible by visitors, as other answers already mentioned: you cannot do anything it about this. You can make it harder and more painful to look at (via obfuscation), but this won't prevent someone who really wants to to dig into your code. My recommendation: don't waste your time and efforts on that.


Unless it's in a writable location (which it shouldn't be), no.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号