convertir matriz PHP a matriz JS (sin escribir contenido)

I have a PHP array with URL's that I would like to keep hidden (or at least more difficult to copy) I need to convert this array to a JS array. Is it possible without writing the items in JS?

So NO like in following example where the URL's can be found in the source...

<?php
    $arr = array("http://foo.com","http://bar.com","http://baz.com"); 
?>

<script>
    var newArr = new Array("<?php echo implode(',' ,$arr); ?>");
</script>

preguntado el 27 de agosto de 11 a las 14:08

Even if you obfuscate them (which is all you can do) they can be dug up with a JS debugger. -

8 Respuestas

Nope. This is not possible without writing the items in JS.

Respondido 27 ago 11, 18:08

Javascript could read the data via an AJAX request, it wouldn't show up in the page source but you'd be able to see it with any half-decent web developer toolset.

Respondido 27 ago 11, 18:08

It's not possible to do it without writing the items in JS. However if you are using those variable for validation, you could transfer that validation on the server and use AJAX to call that validation.

Respondido 27 ago 11, 18:08

I don't think it is possible, but depending on what you are trying to do, you can remove the script element from the DOM when you are done with it, so it won't appear in your source code to the user. This kind of technique is quite useful for example when building a javascript block that other people would include on their site. The javascript code can ran, and when it's finished remove itself from the DOM so other people can't copy your code.

Respondido 27 ago 11, 18:08

It will appear in the source code. I think you are mistaken the source code and the DOM tree that you can see in debugger. - HoLyVieR

If you want one of your system's component not to touch some piece of data, don't give it the data.

However, if the browser cannot have the data, it cannot use it, either. There's a dilemma...

Maybe you want to insert an extra indirection: have your PHP provide a series of 'command-url's' to the javascript GUI, and have it trigger these commands instead of letting it know your sensitive data.

Respondido 27 ago 11, 19:08

If you want to make the urls unreadable you can encode each character to \xnn escape sequence:

<?php
    $arr = array( "http://foo.com","http://bar.com","http://baz.com" ); 
    $encodedArr = array();
    foreach( $arr as $url ) {
        $encodedUrl = '';
        for( $i = 0; $i < strlen( $url ); ++$i ) {
            $encodedUrl .= '\\x'.str_pad( 
                  sprintf( '%x', ord( $url[$i] ) ),
                  2, STR_PAD_LEFT );
        }
        $encodedArr[] = '"'.$encodedUrl.'"';
    }
?>
<script type="text/javascript">
    var newArr = [ <?php echo implode(',' ,$encodedArr); ?> ];
    alert( newArr[0] );
</script>

the written javascript will look like this:

var newArr = [ "\x68\x74\x74\x70\x3a\x2f\x2f\x66\x6f\x6f\x2e\x63\x6f\x6d","\x68\x74\x74\x70\x3a\x2f\x2f\x62\x61\x72\x2e\x63\x6f\x6d","\x68\x74\x74\x70\x3a\x2f\x2f\x62\x61\x7a\x2e\x63\x6f\x6d" ];
alert( newArr[0] );

but will alert http://foo.com

Respondido 27 ago 11, 19:08

Directly it is not possible. JavaScript code is interpreted, so no chance to hide it.

Another way is to make make an ajax call to file which will echo the items.

If you wish more security make 2 GET calls one to get some info, process it with the js and use it at the second call which will get your array. Something like the "obscurity" or "time" method. In theory this will add some protection.

Or as nobody sugiere you can use again the technique with the 2 GETs, and encode and decode dinamically the data in the array. This will add more security.

contestado el 23 de mayo de 17 a las 14:05

Use JSON.

In PHP, that'd be:

<?php
$arr    = array('http://[a]', 'http://[b]', 'http://[c]');

echo json_encode($arr);

in JS:

<script type="text/javascript">
arr[0]; // http://[a]

arr.each(function(k,v){
    v; // http://[a]

    // loops trough the remaining values
});

Respondido 27 ago 11, 18:08

Double read the question, I did the same mistake too. He doesn't want the values to be visible in the source. - HoLyVieR

I see, so he is basically asking "is it possible to write the content in a way that no one could read it?" Makes sense. Anyway, the proper term for that is obfusaction. If that's what he wants, this question is duplicate. stackoverflow.com/search?q=obfuscate+text+JS - Anacardos

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.