the default is to grab data via "id" or selector (for example, .text () ) to the back end via ajax
using e.currentTarget.dataset.XXX
how can I avoid being tampered with by the server?
do I have to give it to value later?
I wonder if jquery has a solution to this problem?
has suffered recently ~ even if ajax is changed to POST, it is useless
how to effectively "prevent villains"?
this tech-savvy villain is hard to defend.
if you're just worried about adding a condition to your text box (or numerical calculations that allow client input)
for example:
var measure = 1 //
// measure2
2 ()
$('input').on("change",function(){
if(measure !== 2)return;
})
basically prohibit right-click operations if there is no business requirement, you can also disable
the front and back end has an encrypted summary of the calculation results as your logo to compare
js encryption and confusion
you should pay more attention to the pseudo request
which involves permission verification
. The front end can change whatever the customer wants. We should focus on how to avoid possible problems
the important data should be calculated to the back end, so it is not as good as the total amount of the order. Is it true that the front end calculates to the back end? In this way, is it free if I send a 0 directly in the past? so I still send some unimportant data such as commodity quantity and commodity specifications to the back end, and the back end calculates the total amount according to your specifications and quantity, so how to change the front end is useless, and it can't be free.
backend check
even if you can prevent js tampering, how do you defend against forged requests?
backend verification and data permission verification
how to change the front end, can you still find out the palm of the server?