Jump to content

using 'view source' in a browser

Recommended Posts

When you right click and click 'view source' in a browser, do you see ALL the code that is used for that page, including separate .css or .js files that might be in a separate folder?   Or do you  see only the html file and any <style> or <script> tags that are included; I imagine if you could see all  the content, they would have to compile it all together somehow.  Just curious - I've learner a lot from looking at the source code from many websites But it makes sense to me not to reveal ALL of your secrets online.  Thanx

After I posted this I was reading the w3school php tutorial and I have another question.  I've heard it said that javascript is a browser language and php is a server language.  In many of the examples they have embedded php right into the html code, like this -

 Welcome <?php echo $_GET["name"]; ?><br>
Your email address is: <?php echo $_GET["email"]; ?>

My question is this; does the browser make a server request every time there is a php tag - is there some way the php CAN run on the browser.  I'm trying to learn logistics of what goes where and the why's and wherefores of it all.   Very confusing when starting out.   I just thought I should have posted this in the php section, but it is kind of a general question.  Thanx again.

Edited by Gilbert
Link to post
Share on other sites

ALL php is sent to server, processed and returned back as html. All html JavaScript, css is accessible through viewing page source, it usually shows clickable links to external CSS and JavaScript files. Manipulation of html, attributes by JavaScript is not shown, as it is as screenshot of returned HTML, CSS, JavaScript before JavaScript is triggered, however the result during manipulation and after, can be viewed in the Web Developers tools (F12)  console viewing html tab. PHP cannot be run on the browser, it can however can run a external PHP files, whose response can be shown on the browser through the use of JavaScript, this is known as using AJAX


Link to post
Share on other sites

Thank you so much dsonesuk; very good explanation!  I had to read a few times b/4 it all sank in.  My question came out of exploring a login/signin situation.  I thought I could use javascript to process the userID, which I had restricted to 8 chars.  I thought I would first check to see if it was 8 chars in length, but then I realized  if I wrote -

' if (uID.length == 8) ' , then someone could see that using view source and they would know enough to enter 8 chars - etc, etc.  I think I understand that a userID or password or form data should be sent directly and immediately  to php via an AJAX call for processing.  would you say that is a fair assumption?   Anyway, do you know of an article or website that can explain what needs to be done to secure a login page - not too complicated, but secure enough?  I didn't think w3schools did that good a job on it - I still feel knid of up in the air about it.   Thanx for your help.....


Link to post
Share on other sites

You can't use JavaScript for login purposes on its own, because (1) it is viewable by anyone, so they identify the userID AND password , (2) it requires JavaScript to be enabled.

PHP should be used for login, it should always validate and sanitize login or for any data sent to php pages, or for example that would be inserted into a database. The code is not viewable, and done in background on the server with only the html or content being returned, not any details of userid and most importantly password details.

JavaScript validation is used to make it easier for the user, so the user does not have to submit and reload the page for PHP to validate and return to identify a error made. JavaScript validation being client-side can identify an error and show warnings instantly. BUT! PHP validation as mention above is always required, in case JavaScript is disabled and JS validation bypassed.

  • Thanks 1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...