I have a website where all the pages are processed through an index.php that includes various PHP files based on the requested URL (this is done via mod_rewrite).
I am using the following method to perform a specific function on page load:
index.php
```php
<script type="text/javascript">
readyFns = Array();
</script>
<?php
// Do some things here, and get the name of the PHP page to include from DB
include $pageToInclude;
?>
<script type="text/javascript">
commonFunctionToApplyToAllThePages();
otherCommonFunction();
// page-specific functions
for (i = 0; i < readyFns.length; i++) {
    if (typeof window[readyFns[i]] == "function")
        window[readyFns[i]]();
}
</script>
```

The included page .php
I like this approach very much because I just have to set readyFns at the end of the page and everything else will be handled properly by index.php. My question is: is it safe? Could it be vulnerable to someone creating a link that arbitrarily sets readyFns to point to some malicious code and then links to my site? How do I stop it?

Thanks, nico
It's interesting. In theory, it's probably fine, but you are right to be concerned. It is just compiling a list of keys to look up functions on an object and execute them, so it is not really a security issue in that regard. But you are essentially providing access to all globals that way. You probably want to create a global object other than window to store your functions, such as:

```js
var funcs = {};
funcs.someFunction = function () { /* blah */ };
funcs.someOther = function () { /* blah */ };
```

and then have your loop over readyFuncs look up the functions on funcs instead of window. I do not think there will be anything to worry about past that.

Of course, there are other things in your view that can be improved, but I think it's fine - if it works you can
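The registry approach suggested in the answer, as an added example that is not code from either post: it contrasts the `window[...]` lookup with a dedicated `funcs` registry that resolves only names registered on it. `resolve`, `runReady`, `resolveOnGlobal` and the sample handler bodies are hypothetical, and `globalThis` stands in for `window` so the block also runs outside a browser.

```javascript
// Added example: registry-based dispatch for the page-ready hooks.
// `funcs` and `readyFns` follow the names used above; everything else
// (resolve, runReady, resolveOnGlobal, handler bodies) is hypothetical.

// Null-prototype object: no inherited keys such as "constructor" or "toString".
const funcs = Object.create(null);
funcs.someFunction = function () { return "someFunction ran"; };
funcs.someOther = function () { return "someOther ran"; };

// Look a name up in a registry; only own, callable properties qualify.
function resolve(registry, name) {
  if (typeof name !== "string") return undefined;
  if (!Object.prototype.hasOwnProperty.call(registry, name)) return undefined;
  const fn = registry[name];
  return typeof fn === "function" ? fn : undefined;
}

// Run each requested hook and collect the names that were not registered,
// so unexpected entries can be logged instead of silently executed.
function runReady(registry, names) {
  const results = [];
  const rejected = [];
  for (const name of names) {
    const fn = resolve(registry, name);
    if (fn) results.push(fn());
    else rejected.push(name);
  }
  return { results, rejected };
}

// The original window[...] lookup: any global function resolves by name.
function resolveOnGlobal(name) {
  const fn = globalThis[name];
  return typeof fn === "function" ? fn : undefined;
}

// Constructed input: two registered hooks plus two names that exist on the
// global object or on Object.prototype but were never registered.
const readyFns = ["someFunction", "encodeURIComponent", "constructor", "someOther"];
const outcome = runReady(funcs, readyFns);
console.log(outcome.results, outcome.rejected);
```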