StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHow secure is my javascript, how easily can it be exploited?
text
Body
copied!<p>I'm trying to make this code as secure as possible are there any imediate flaws that jump out? I <em>think</em> I have it locked down pretty tightly, is there anything else you would implement?</p> <pre><code> function CheckPin(){ var str="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; var strId= document.form1.tbPin.value; var lenId=strId.length; var check=true; //if (lenId != 20) if (!(lenId ==20 || lenId == 10)) { alert("You must enter a 20 or 10 digit pin number."); document.form1.tbPin.focus(); return false; } else { //for(var i=0;i<20;i++) for(var i=0;i<lenId;i++) { check=str.indexOf(strId.charAt(i)); if(check == -1) { alert("Do not use special characters.(e.g. @,#,&) "); document.form1.tbPin.focus(); return false; break; } else { if (i ==19) { break; } } } } if (document.form1.btnChecker.value == 1) { alert("The processing is in progress."); return false; } document.form1.btnChecker.value = 1; } </script> <script src="../JS/Tags.js" type="text/javascript"></script> <script src="../JS/Tags2.js" type="text/javascript"></script> </code></pre> <p>Tags.js:</p> <pre><code>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </code></pre> <p>Tags2.js:</p> <pre><code>var pageTracker = _gat._getTracker("UA-1376772-6"); pageTracker._initData(); pageTracker._trackPageview(); </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload