如何保护js免受自定义事件的影响 [英] how to protect js from custom events
问题描述
我正在使用canvas和easeljs在javascript上编写游戏,我想知道是否有任何方法可以保护它。例如,我使用 stage.Addchild(index)向舞台添加新对象。简单地编辑DOM我可以附加新的事件处理程序并触发它,例如< body onclick =stage.removeChild(0)> 这将删除所有阶段对象一个接一个。
I am writing a game on javascript with canvas and easeljs and I wonder if there are any ways to protect it. For example, I use stage.Addchild(index) to add a new object to the stage. Simply editing DOM I can attatch new event handler and fire it, something like <body onclick="stage.removeChild(0)"> and this will remove all the stage objects one by one.
我正在考虑过滤所有即将发生的事件,并检查是什么解雇了它。但我不知道该怎么做,可能有更好的方法来制作它...请指出我正确的方向...
I was thinking to filter all the coming events and check what had fired it. But I am not sure how to do that and there may be better ways to make it... Please point me in the right direction...
推荐答案
保护Javascript的最佳方法是将所有初始化代码放入闭包中,不要对全局变量公开任何内容。
The best way to protect your Javascript is put all of your initialization code into closures and not expose anything against global variables.
但是,这仅提供对运行时命名空间冲突的一些保证,并且可以用作良好的开发实践。
However, this only provides some guarantees against run-time namespace clashes and is meant to be used as good development practice.
您不能信任客户端上运行的任何代码;对于反作弊行为,您需要检查服务器端的传入输入。用户可以100%控制浏览器中运行的内容,这包括控制以任意方式修改代码。
You cannot trust any code run on the client side; for anti-cheat behavior you need to check incoming inputs on the server-side. The users have 100% control over what is running in their browsers and this includes control to modify your code any way they wish.
这篇关于如何保护js免受自定义事件的影响的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
