检查javascript、用户code=server代码的完整性

Question

有没有一种方法可以验证用户在使用客户端页面时使用Firebug更改了jQuery/JavaScript？

Answer 1

不，没有办法证实这一点。

当涉及到来自浏览器的输入时，您应该始终进行验证和验证。Never trust the client。

Answer 2

不是的。客户端本质上是不安全的，它属于用户，而不是您。

Answer 3

简而言之，这并不重要。

长长的答案：

  It matters if you are treating the JavaScript as part of your application structure, similar to how a SQL injection attack does bad things to your system.  You should validate that anything that gets passed from the client is sanitized before being stored.  The interesting attack vector here is if you allow me to persist elements into the structure of the web page and retrieve them at a later time.  You have opened the doors to a reflected XSS attack (one of my favorites).  This is indicative of a failure to sanitize user input and/or a failure to separate concerns UI from the system level code.