How to verify that Javascript on the client has not been modified

advertisements

Is there any way to verify that the javascript file as loaded (and potentially altered) by the client has not been tampered with by a malicious user?

I'm thinking of something like this:

1) Computing a checksum and sending this for the server for verification

2) Sending the file as it is in browser memory back to the server for comparison/checksumming.

Is anything like this possible? How can you verify the integrity of the executed javascript given a known-good copy on the server?


tl;dr No

As a malicious use can easily tamper with the data getting sent to the server there's no way of securely verifying that the Javascript has not been altered. Even if you did hashsum calculations there's no way of making sure that the user is not modifying that hashsum before sending it to the server.

You simply have to find other means to make your solution secured. Usually this mean that you've to run your business logic on the backend rather than on the client.