如何从浏览器控制台禁用JavaScript函数调用？ [英] How to disable JavaScript function calls from the browser console?

问题描述

我正在研究HTML / JavaScript中的Web应用程序，并且我想阻止用户在其浏览器控制台中调用函数，以避免作弊。所有这些函数都包含在一个名为 functions.js 的独特文件中，该文件加载到 index.html 文件。

在网上搜索后，我发现这个解决方案在Google Chrome中运行良好，但在其他浏览器（如Firefox）中效率不高：

  var _z = console; 
 Object.defineProperty（window，console，{
 get：function（）{if（_z._commandLineAPI）{throwScript execution not permitted} return _z;}，
 set ：function（val）{_z = val} 
}）; 
  

是否有一种通用的方法可以禁用来自控制台的函数调用？它是依赖于浏览器，还是它只是一个范围问题或者其他我忽略的问题？ $ b

是否有一种通用的方法可以禁用来自控制台的函数调用？

不。不存在：从不。显然，Facebook在谷歌浏览器中找到了一种方法：如何Facebook是否禁用浏览器的集成开发工具？ - 但我认为它是一个bug： - ）

其他的我忽略了？

是的。 JavaScript在客户端执行，客户端拥有完整的权力。他可以选择是否执行它，如何执行它并在执行之前按需要修改它。现代开发人员工具允许用户在调试脚本时在任意范围内执行任意函数。

您可以通过避免去反省和使用（调用）代码在全局范围内展示您的方法，并通过混淆（缩小）来源。但是，永远不要相信客户。为避免作弊，您必须在服务器上执行所有关键任务。不要期望所有请求都来自您的JavaScript代码或浏览器;您将需要处理可能由某种机器人发出的任意请求。

I'm working on a web application in HTML/JavaScript, and I want to prevent users from calling functions in their browser console in order to avoid cheating. All these functions are contained in a unique file called functions.js which is loaded in the head of the index.html file.

After a search on the web I found this solution, which works fine in Google Chrome, but it is inefficient in other browsers such as Firefox:

var _z = console;
Object.defineProperty( window, "console", {
    get : function(){if( _z._commandLineAPI ){ throw "Script execution not permitted" } return _z; },
    set : function(val){ _z = val }
});

Is there a general way to disable functions call from console? Does it depend on the browser or is it just a problem of scoping or maybe something else that I have ignored?

解决方案

Is there a general way to disable functions call from console?

No. there isn't: Never. Well, apparently, Facebook found a way in Google Chrome to do so: How does Facebook disable the browser's integrated Developer Tools? - though, I would consider it a bug :-)

Is it maybe something else that I have ignored?

Yes. JavaScript is executed client-side, and the client has the full power over it. He can choose whether or not to execute it, how to execute it and modify it as he wants before executing it. Modern developer tools allow the user to execute arbitrary functions in arbitrary scopes when debugging a script.

You can make it harder to introspect and use (call) your code by avoiding to expose your methods in the global scope, and by obfuscating (minifying) the source. However, never trust the client. To avoid cheating, you will have to perform all crucial task on the server. And don't expect all requests to come from your JavaScript code or from a browser at all; you will need to handle arbitrary requests which might be issued by some kind of bot as well.

这篇关于如何从浏览器控制台禁用JavaScript函数调用？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！