Stop all javascript written by the browser for client installed Extensions and Plugins


  • Wednesday, September 19, 2012 7:22 PM
     
     
    I have my own E-Commerce web application and I noticed that sometimes Extensions and Plugins that are installed on the client machine conflict with the functionality of my web application. I do a lot of JavaScript programming and client-server communications through JavaScript (AJAX and .NET callbacks). The developer has no control over what applications are installed on the client and what browsers the client uses. My application doesn't need any of the additional JavaScript besides the ones that I wrote and the .NET Framework writes on the client, and I don't want anyone to hack my web application with a custom browser that, theoretically speaking, could also push wrong data into my system. There must be a way to stop all client scripting that does not belong to my web application from executing. I've searched the internet and did not find the answer I was looking for. I'd appreciate any ideas that any of you guys may have. Thank you!

All Replies

  • Wednesday, September 19, 2012 8:17 PM
     
     

    >There must be a way to stop all client scripting that does not belong to my web application from executing

    No, there isn't, because you just said the developer has no control over what applications are installed on the client and what browsers the client uses.

    > sometimes Extensions and Plugins that are installed on the client machine conflict with the functionality of my web application

    Tell the user that. Let the user choose whether to keep the plugin or visit your web site in plugin-free mode.



    Visual C++ MVP


  • Wednesday, September 19, 2012 8:20 PM
     
     
  • Wednesday, September 19, 2012 8:33 PM
     
     
    Scripts from Extensions and Plugins attach to DHTML object events. And I was thinking that there must be a way to block any code that's not mine that attaches to DHTML object events.
  • Wednesday, September 19, 2012 8:37 PM
     
     
    The developer has no control over what applications are installed on the client, but he has control over DHTML objects and client-side scripting.
  • Wednesday, September 19, 2012 8:39 PM
     
     Answered

    No, since you don't have control, you can't block. All you know is HTTP in, HTTP out. How the client deals with the DOM or script is outside of your control. You can only send script to the client; the client can do whatever it wants, including not executing your script and executing a modified version of the script, just like what you are seeing right now in some plugins. In fact, a hostile user can write a browser that fakes everything sent back to your server; you'd better have validation in place to filter out malicious input like SQL injection attacks.



    Visual C++ MVP
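
The server-side validation the accepted answer calls for, shown as an added example that is not part of the original thread: every posted field is treated as untrusted, the price comes from the server's own catalogue, and values reach SQL only as parameters. It assumes C# on the .NET Framework with System.Data.SqlClient; the catalogue contents, SKU format, `OrderLines` table and `BuildInsert` name are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;
using System.Text.RegularExpressions;

static class OrderValidator
{
    // Constructed sample catalogue: prices live on the server only.
    static readonly Dictionary<string, decimal> Catalogue =
        new Dictionary<string, decimal> { { "SKU-1001", 19.99m }, { "SKU-2002", 249.00m } };
    // \A...\z and [0-9] so a trailing newline or non-ASCII digit cannot slip through.
    static readonly Regex SkuFormat = new Regex(@"\ASKU-[0-9]{4}\z");

    // Returns a parameterized INSERT for a valid order line, or null plus a reason.
    // clientPrice is in the signature only to show that the server never uses it.
    public static SqlCommand BuildInsert(string sku, string qtyText, string clientPrice, out string error)
    {
        error = null;
        decimal unitPrice; int qty;
        if (sku == null || !SkuFormat.IsMatch(sku)) { error = "bad sku format"; return null; }
        if (!Catalogue.TryGetValue(sku, out unitPrice)) { error = "unknown sku"; return null; }
        if (!int.TryParse(qtyText, NumberStyles.None, CultureInfo.InvariantCulture, out qty)
            || qty < 1 || qty > 100) { error = "bad quantity"; return null; }
        // OrderLines is a hypothetical table; values travel as parameters, never as SQL text.
        var cmd = new SqlCommand(
            "INSERT INTO OrderLines (Sku, Quantity, UnitPrice) VALUES (@sku, @qty, @price)");
        cmd.Parameters.Add("@sku", SqlDbType.NVarChar, 16).Value = sku;
        cmd.Parameters.Add("@qty", SqlDbType.Int).Value = qty;
        cmd.Parameters.Add("@price", SqlDbType.Decimal).Value = unitPrice;
        return cmd;
    }

    static void Main()
    {
        // Constructed posts: one honest, three of the kind a modified client can send.
        var posts = new[] {
            new[] { "SKU-1001", "2", "19.99" },
            new[] { "SKU-1001", "2", "0.01" },             // tampered price is ignored
            new[] { "SKU-1001' OR '1'='1", "1", "19.99" }, // fails the format check
            new[] { "SKU-2002", "-5", "249.00" } };        // negative quantity
        foreach (var p in posts)
        {
            string error;
            var cmd = BuildInsert(p[0], p[1], p[2], out error);
            Console.WriteLine(cmd == null ? "rejected: " + error
                : "accepted at server price " + cmd.Parameters["@price"].Value);
        }
    }
}
```

The command is built but not executed, so the example runs without a database; in a real handler it would be attached to an open connection.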