Frontend JavaScript Code Visible in Browser Console

Ask the community
, ,
1

I noticed that all my JavaScript code (including member data, database queries, and business logic) is visible when users open the browser’s developer console.

Is there a way to hide or protect this JavaScript code from being visible in the browser console?

Any suggestions or best practices would be appreciated.

Thanks!

2

-Everything what you do not want to be visible has to be done on backend.
-Everything what lands on frontend will be visible.

How to improve?
-For secrets and sensitive data you have Wix-Secrets.
-If you have to send data over to frontend which you want to be hidden as most as possible → Obfuscate your JavaScript → while it won’t make your code really secure, but it makes it harder to read.

One maybe possible way could be to send only encrypted data to frontend.
And sending the key over an e-mail for decryption of the data or message.

-avoid caching
-avoid local storage
-avoid autosafe-features like browser-extensions…
-and of course avoid console-logs (do not forget to delete all your included console logs inside of your code)
…if it comes to sensitive data

To truly protect sensitive data or logic:

  1. Keep it on the backend.
  • Never send unless the user is allowed to see it.
  • Example: If the user shouldn’t see pricing algorithms, keep them server-side.
  1. Authenticate every request.
  • Use JWT tokens, sessions, or OAuth.
  • Every API call must verify user identity and authorization.
  1. Send only what’s needed.
  • Filter and sanitize all backend responses to contain only user-permissible data.
3

Thank you for your suggestion. However, the approach you recommended is quite complicated. On one hand, I have to use many frontend APIs, which means I can’t handle everything on the backend. On the other hand, following your approach would require rebuilding the entire platform from the beginning. I already have several thousand lines of code, so I’m looking for a more efficient solution. Ideally, I want something that can run across all pages, such as adding it to the master page, to hide all information from the browser console.

4

This isn’t really a limitation of Wix, but rather an inherent constraint of how web browsers work. :slightly_smiling_face:

5

However, I’ve noticed that many websites completely hide browser console information. I’m currently looking for a custom code to implement this functionality.

6

This is expected behavior, and we have various articles and resources that mention this. For example:

As others mentioned, it’s recommended that any business logic/sensitive data should be handled in backend files.

Frontend code (page code, public files, masterpage) will be visible through browser dev tools.