Question

0

1

I have a list of image paths in my PHP script that I would like to pass to javascript whitout rendering them in the HTML page. I mean, I don't want people go fishing for the path's when do do a > view HTML source.

<?php
    $images_str = "some/dir/001.jpg|*|some/dir/002.jpg|*|some/dir/003.jpg";
    $images_arr = array('some/dir/001.jpg', 'some/dir/002.jpg', 'some/dir/003.jpg');
?>
<html>
<body>
    <script type="text/javascript">

        var dynamicID = 1;

        /* String */
        _images_str = "<?= $images_str ?>";
        _images_str_arr = _images_str.split("|*|");

        // alert(_images_str_arr[dynamicID]); // OK but renders the image paths in javascript

        /* Array */
        var _images_arr = new Array();
        _images_arr = "<?= $images_arr ?>";

        // alert("<?= $images_arr ?>"); // "Array"
        // alert(_images_arr); // "Array"

        // alert(_images_arr[1]); // "r" from "Array"
        // alert("<?= $images_arr[1] ?>"); // "some/dir/002.jpg" works! but how to use dynamicID??

        // alert("<?= count($images_arr) ?>"); // works as well

    </script>
</body>
</html>

flag	asked Feb 28 at 9:14 FFish 113●6 76% accept rate

Darin Dimitrov · Answer 1 · 2010-02-28 09:57:00Z

I don't want people go fishing for the path's when do do a > view HTML source

What are you going to do with those image paths in your javascript? If the final goal is to use them as the source of an img tag then you could do absolutely nothing to hide them as tools such as Firebug will show directly all the HTTP requests that the browser performs, so it's not even necessary to look at the source of the HTML page to obtain the image paths.

If you intend to do something else with these paths (??) you could use a public/private key encryption algorithm. For example you generate a pair of private/public keys in javascript and you use ajax to send the public key to your server script. The script uses this public key to encrypt the image paths and returns them as JSON array to the client script which uses it's private key to decrypt them.

UPDATE:

Here's one example of sending the list of paths through AJAX:

<?php
    header('Content-Type: application/json; charset=utf-8');
    $images_arr = array('some/dir/001.jpg', 'some/dir/002.jpg', 'some/dir/003.jpg');
    echo json_encode($images_arr);
?>

and you obtain them in javascript:

$(function() {
    $.getJSON('/script.php', function(data) {
        for (var x = 0; x < length; x += 1) {
            var imageUrl = data[x];
            // do something with this image url
        }
    });
});

vava · Answer 2 · 2010-02-28 09:22:24Z

0

I'm sorry to tell you but you have no choice. If you want JavaScript to use your array, you have to pass it out to client and that means power user will be able to see it. There is no way around.

You can encode it but it won't hold against JavaScript debugger.

If it is visible to JavaScript code, it is visible to user, period.

answered Feb 28 at 9:22

vava
4,916●6●28

	I am not interested in power users, just the average who looks at the source and see a .jpg extension – FFish Feb 28 at 9:30
	@FFish, average guy will right-click on image and "copy link location". It won't save you either. – vava Feb 28 at 9:59
	I disabled right click on the image with jQuery: $("#myImage").bind("contextmenu",function(e) { return false; }); – FFish Feb 28 at 10:02
	You just going to annoy whole lot of users and achieve nothing, I tell ya. – vava Feb 28 at 12:31

PHP to Javascript, array to array, object to object

2 Answers

Your Answer

Not the answer you're looking for? Browse other questions tagged php javascript array object or ask your own question.

Hello World!

Related