Cool888 Cool888 - 1 month ago 6
ASP.NET (C#) Question

Disable User injected Javascript into webpage through browser F12 tools

I am making a website. On a button click, the JS function named HeavyTask is called. It has an ajax call to the Action Method that will perform a CPU Heavy task on the server. The button looks like this

<input type="Submit" value="Start" onclick="HeavyTask()" />

But I am worried that someone may press F12, right click any element-> Edit as HTML and inject script like this

setInterval(HeavyTask, 100);

And cause the server CPU to waste all its processing power and cause website to lag. I tried to do this from chrome. I was able to change HTML Elements, but not able to run this Script. But there may be some browsers/other techniques that will allow. Should I worry about it, or not. If yes, how can I fix this so that user can't call the function for second time until the first call returns. My backend technology is ASP.NET. Thanks


You can't do anything on the client that can't be overridden, but you can stop the process being executed more than once on the server, simply by setting and checking a server-side variable...

public void PerformHeavyTask()
    if (Session["HeavyTaskRunning"] == true)

    Session["HeavyTaskRunning"] = true;

    // perform heavy task

    Session["HeavyTaskRunning"] = false;

This will allow multiple clients to request the same heavy task, though, and that might not be ideal.

(I've assumed C# on the server)