Hiding hidden input fields from "inspect element"
Solution 1
It is not possible to hide elements from the DOM inspector, that would defeat the purpose of having that tool.
Disabling javascript is all it would take to bypass right click protection.
What you should do is implement a proper autologin.
Most importantly, do not echo the users password in plain text to a page.
Solution 2
If you want to get about as fancy as possible you could serve up the data obsfuricated in some manner and de-obsfuricate it and run eval on it at the last minute.
Although this would mean that the data is still visible completely in a javascript debugger.
UNLESS you want to get fancy !!
If you REALLY want to get fancy then it is possible to obtain ROP Chain code execution in webkit based browsers, you COULD use this to gain native code execution capacity, once you have that then you can have your app download the required variables and inject them into something that cannot be debugged via the JS debugger built into most modern browsers ( or alternatively just disable the debugger)
Of-course you could always just implement in the server, its significantly less effort than locking a user out of their own browser.
user3428971
Updated on June 14, 2022Comments
-
user3428971 almost 2 years
Someone asked me to make him a dashboard where he can see all the links to manage his websites. He also wants to autologin to the website that he clicked.
To do this I'm trying to make a form for each url and send the username and password values with it. I echo them as variables but (ofcourse) they're still visible in the input types in the "inspect element" window.
How can I make this dissapear? Because it's not safe this way..
(side question: Is there also a way to add a target=_blank to this javascript?
<a href="" onclick="document.forms[0].submit(); return false;"></a> )