I have a localize script that have sensitive information that i dont want other users change it from the console. is it possible to Object freeze my localized script?
wp_localize_script('test-script', 'test_ajax', array(
'ajax_url' => admin_url('admin-ajax.php'),
'nonce' => wp_create_nonce('test-nonce'),
'action_thanks' => ACTION_THANKS,
'univ_short_name' => UNIV_SHORT_NAME,
'action_general' => ACTION_GENERAL,
'action_catalog' => ACTION_CATALOG,
'action_ebook' => ACTION_EBOOK,
'university_id' => UNIVERSITY_ID,
// in js needs to be converted to bool
'is_sf' => IS_SF
));
I have a localize script that have sensitive information that i dont want other users change it from the console. is it possible to Object freeze my localized script?
wp_localize_script('test-script', 'test_ajax', array(
'ajax_url' => admin_url('admin-ajax.php'),
'nonce' => wp_create_nonce('test-nonce'),
'action_thanks' => ACTION_THANKS,
'univ_short_name' => UNIV_SHORT_NAME,
'action_general' => ACTION_GENERAL,
'action_catalog' => ACTION_CATALOG,
'action_ebook' => ACTION_EBOOK,
'university_id' => UNIVERSITY_ID,
// in js needs to be converted to bool
'is_sf' => IS_SF
));
1 Answer
Reset to default 0No, it is not possible to do this from wp_localize_script().
You would need to add add Object.freeze( text_ajax ); to the beginning of your script.
Object.freeze( text_ajax );to the beginning of your script. However, this raises a lot of red flags for me. What would be the consequences if the user could change the values? If you can change values and it causes different behaviour on the server, then its your server code that's insecure. – Jacob Peattie Commented Jan 4, 2021 at 10:18