Basically, I have a website with a Javascript library that has ads integrated through a script tag. My main concern is whether these ads can access my Javascript library, which makes Ajax calls to a server where the user is logged in.
I want to protect my Javascript code from being influenced by the ad scripts, as I do not want them to be able to make any Ajax calls. I am looking for a solution that does not involve server-side scripting outside of my Javascript library (keep in mind that calls to the library cannot use server-side scripting) (although setting up htpasswd protection is an option).
Here's an example:
Library.js (can have server-side scripting on another domain)
var library = function(parameters) {
return ajaxCallWithParameters(parameters);
}
Website Javascript: (cannot rely on server-side scripting)
toTable(library());
Possibly malicious ads included from another domain:
sendToAdServer(library());
If I were to use server-side scripting, I could simply do:
<script>var <?php echo $somehowSyncedrandomByTime; ?> = function(parameters) {
return ajaxCallWithParameters(parameters);
}</script>
<script>toTable(<?php echo $somehowSyncedrandomByTime; ?>());</script>
<script>sendToAdServer(???());</script>
This method would prevent the ads from accessing the specific function. However, since the website cannot use server-side scripting, I am exploring other alternatives.
Is there a way to obscure my Javascript so that third-party scripts cannot call or read it?