current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

I want to execute some php code inside a javascript file in codeigniter using

.htaccess

<Directory /path/>
<Files file.js>
    AddHandler x-httpd-php5 .js
</Files>

and in my javascript file 

 <?php
header('Content-Type: application/x-javascript', true)

I have read from the codeigniter forums that executing php inside a .js file may make my web application insecure but i don't understand why this is.

How can a client exploit the changes i made of being able to execute php in the js file?.

share|improve this question
    
perhaps you should reference what you read. –  Dagon 17 hours ago
    
Is that really necessary?It says pretty much what i've written. –  Not Moderator 17 hours ago
2  
it doesn't make it insecure, but ANY php warnings/errors that the code causes will get embedded in the JS and cause syntax errors at best. You have to make DAMN sure that whatever your PHP is doing produces valid javascript at the end of the line, otherwise the entire JS code block is terminated/blacklisted –  Marc B 17 hours ago
    
Will that hold when i have display errors off and also expose php off?. –  Not Moderator 17 hours ago
    
because its wrong, that's way –  Dagon 16 hours ago

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.