I was working with an online game website. There are some events which call a JavaScript function, and the function has some action with a callback.
Something like this:

    <input type='button' onclick='changeSomething()'/>

    function changeSomething() {
        // some callback, which changes something
    }

Now anybody who knows this can call this changeSomething from the address bar of the browser, which I do not want.
Very unlikely that somebody will do it, but I want to allow it.
Is there any way to prevent a situation like this?
Thanks.
P.S. I tried, but I'm still not sure whether I explained it well enough. Please let me know if you are not getting something.
You will never be able to get 100% protected from any technique you try. It’s a losing game.
Having said that, one way to get closer to your goal is to remove the onclick attribute altogether, and bind your click handler (i.e. ‘changeSomething’) via JavaScript:
html:
js:
The callback becomes anonymous then (e.g. there is no ‘changeSomething’ function anymore). These evil users can’t call it directly if they don’t know its name!
There are still ways around this technique too, but we won’t mention those lest we give the evil doers ideas 🙂
(BTW, addEvent is just a sample library function for adding event handlers. I’m sure you have access to one. If not, here you go.)
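An added example, not part of the answer above, contrasting the inline-`onclick` global with an anonymous handler bound inside a closure. It uses the standard `addEventListener` rather than the answer's `addEvent` helper; the names `legacyState`, `bindChangeButton` and the id `change-btn` are hypothetical, and the `isTrusted` check goes beyond what the answer describes.

```javascript
// Added example. An EventTarget stands in for the button so this runs without a DOM.

// BEFORE: onclick='changeSomething()' needs a global function, so the same
// function is reachable by name from any script context on the page.
const legacyState = { changes: 0 };          // hypothetical game state
globalThis.changeSomething = function () {
  legacyState.changes += 1;
};

// AFTER: the handler is anonymous and its state is private to the closure.
// Nothing named changeSomething is created by this function.
function bindChangeButton(button, isGenuine = (event) => event.isTrusted) {
  let changes = 0;                           // not reachable from outside
  button.addEventListener('click', function (event) {
    // Events created by script via dispatchEvent() have isTrusted === false;
    // only events generated by the browser for a real user action are trusted.
    if (!isGenuine(event)) return;
    changes += 1;
  });
  return { count: () => changes };           // read-only view, for the demo
}

// In a page (assumed markup: <input type='button' id='change-btn'/>):
//   bindChangeButton(document.getElementById('change-btn'));

// Constructed demo: a script-generated click reaches the listener but is ignored.
function demoSyntheticClick() {
  const button = new EventTarget();
  const view = bindChangeButton(button);
  button.dispatchEvent(new Event('click'));
  return view.count();
}
```

Both forms still run entirely in the user's browser, so any change that matters to the game also has to be validated by the server that records it.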