Lee Jong Sung said:
Yes, you're right.
but isn't there some way to make hard to know the link
value ? I just like to bother some one to try find it.
The most extreme attempts to conceal information in web pages take just
10 minutes to reverse (often much less). So it's no bother.
Extraction information such as the SRC attributes of IFRAME tags is even
easier. For example, the javascript: URL:-
javascript:void (function(){var
s='';n=document.getElementsByTagName('iframe');for(var
c=n.length;c--
{s+=n[c].src+'\n';}alert(s);}());
- can be bookmarked and then executed in any page and will list the -
src - attributes of all IFRAME elements on the page. Similar approaches
might list all of the location.href values for each item in the frames
collection, or the href of all links in the document.links collection
and so on. That is all getting the browser to tell you about its current
state so any source encoding/decoding is completely side-stepped. (The
list can also be displayed in a new window for easy cut-n-paste and an
IE specific javascript URL could put the list in the clipboard for easy
copying).
Can you tell me hint or something of encrytion in PHP and
decreiption at Javascript?
I think it's a good way for me.
You would turn a page that does not need to be JavaScript dependent into
a page that is JavaScript dependent but you will not be doing anything
useful towards acheaving your stated goal.
If you don't want the user of a web browser to know something your
_only_ option is not to send that information to them.
Richard.