There is no way to stop people viewing your javascript.

I know I could validate the values off a server database and that would protect visitors from finding out the valid entries, but are there any other options? Thanks.

No. Do your validation on a server side script. There is no way to stop users viewing your javascript.

Even if you do make it look up the values off a server, a coder could very, very easily make your script do an alert to display the values after lookup.

So I can just have the javascript file with my edits run as a server side script? Can you point me to an explanation of how to do this? I looked around a bit but I haven't found any basic instructions, at least none that gave the details for me to get it done. Thank you again...I do appreciate it!

Can you point me to an explanation of how to do this?

Not exactly. There is no pre-made script to do what you want. But if you explain precisely what you want to do in the PHP or Perl forums I'm sure those guys will have something to hand.

Ok- I think I understand. I need to rewrite my javascript client-side edit in Perl. I am submitting an email from the ASP page after running the javascript edit, so I guess I would add the Perl version of the edit in front of the sendmail. If I'm lost, please let me know. Thanks for your help!

Oh, ok you're using sendmail? Is this one of those 'enter these characters' things to protect against spam?

If you already have a Perl sendmail script, it would be much safer to put any validation in there. It's secure, users can't mess, so much more reliable.

I'm using a Perl sendmail script already, so I'll plan to add the edit right there. The field I'm editing isn't a spam protection field. Thanks for helping me sort thru this. I appreciate it!

There is a partial solution to your problem and is obfuscating your javascript files. This is a process in which the code is changed so not anyone can understand it though the funcionality is still the same.
This will avoid the need of server side scripting, although that's the right solution.
Try finding javascript obfuscators or compressors (this also reduces the size of files substantially).

Regards,

David

[edited by: engine at 10:35 am (utc) on Sep. 26, 2008]
[edit reason] no sigs/urls, thanks [/edit]

An obfuscator will not solve the problem, as the code can easily be reformatted/beautified into a readable format. And values (like the strings you're matching against) would not be changed. A server side solution is the only reliable solution.