I'm trying to make this code as secure as possible. Are there any immediate flaws that jump out? I think I have it locked down pretty tightly; is there anything else you would implement?
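/**
 * Client-side convenience check for the PIN field of `document.form1`.
 *
 * Accepts a PIN only when it is exactly 10 or 20 characters long and made up
 * solely of ASCII letters and digits, then marks the form as "in progress"
 * through the `btnChecker` field so a second call is refused.
 *
 * Security note: this runs in the user's browser and is not a security
 * control. The form can be submitted without this function ever running, so
 * the server must repeat the length and character checks and must enforce
 * its own duplicate-submission handling.
 *
 * @returns {boolean|undefined} `false` when the PIN is rejected or a
 *   submission is already in progress; otherwise nothing (`undefined`), as in
 *   the original, which lets an `onsubmit="return CheckPin()"` style caller
 *   proceed.
 */
function CheckPin() {
  var form = document.form1;
  var pinField = form.tbPin;
  var pin = pinField.value;

  // Only the two supported PIN lengths are accepted.
  if (pin.length !== 10 && pin.length !== 20) {
    // NOTE(review): the message says "digit" although letters are accepted below.
    alert("You must enter a 20 or 10 digit pin number.");
    pinField.focus();
    return false;
  }

  // One anchored allow-list match replaces the per-character indexOf loop,
  // its unreachable `break` after `return false`, and the redundant
  // `i == 19` exit on the final iteration.
  if (!/^[0-9a-zA-Z]+$/.test(pin)) {
    alert("Do not use special characters.(e.g. @,#,&) ");
    pinField.focus();
    return false;
  }

  // Form field values are strings, so compare as a string instead of relying
  // on `==` coercion. This guard only stops an accidental double click; it
  // offers no protection against a deliberately repeated request.
  if (String(form.btnChecker.value) === "1") {
    alert("The processing is in progress.");
    return false;
  }
  form.btnChecker.value = "1";
}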
</script>
<script src="../JS/Tags.js" type="text/javascript"></script>
<script src="../JS/Tags2.js" type="text/javascript"></script>
Tags.js:
// Choose the Google Analytics host that matches the scheme of the current
// page: the "ssl." host for https pages, the plain "www." host otherwise.
var gaJsHost;
if (document.location.protocol === "https:") {
  gaJsHost = "https://ssl.";
} else {
  gaJsHost = "http://www.";
}

// The percent-encoded string decodes to a <script> tag for ga.js, which
// document.write inserts into the page while it is still being parsed.
// NOTE(review): ga.js is third-party code that runs with this page's origin
// and can therefore read the PIN field; on an http page it is also fetched
// over plain http. Confirm that analytics is wanted on the PIN entry page.
document.write(
  unescape(
    "%3Cscript src='" +
      gaJsHost +
      "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"
  )
);
Tags2.js:
// Create the tracker for this site's analytics account. `_gat` is not defined
// in this file; presumably it is provided by ga.js, which Tags.js loads first.
// If that script is blocked or fails to load, this line throws.
var pageTracker = _gat._getTracker("UA-1376772-6");

// Initialise the tracker, then record a page view for the current page.
pageTracker._initData();
pageTracker._trackPageview();
Critical calculations must not be done in the browser. Anything that you run in the browser is meant purely as a convenience for the user: the user controls the browser and can skip or change any script in it, so the server has to repeat every check itself. Having said that, the validation you do via JavaScript in the browser should produce the same result as the one you have to do on the server anyway.