Prevent malicious user from executing JavaScript

深忆病人 2021-01-23 04:14

In my JSP I have a function like fnGetTicketDetails:

function fnGetTicketDetails(record){
    $("#TicketNumber").val(record);
    $("#TicketDeta


        
2 Answers
  •  借酒劲吻你
    2021-01-23 05:00

    You can't. Any data stored on the client is going to be visible to the end user.

    The issue here is that your server is willing to show the details to anyone who asks for them. Don't even try to stop the user asking. Just do a check server side to make sure that that user is allowed to view those ticket details. If they're not, don't deliver them!
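
The server-side check this answer describes, as an added example (not code from the question or the answer): the handler behind fnGetTicketDetails looks up the ticket and returns it only when the logged-in user owns it. The class name, the Ticket record, the ownerId field and the sample data are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Optional;

// Added example: server-side ownership check for a ticket lookup.
// TicketAccess, Ticket, ownerId and the sample rows are hypothetical.
public class TicketAccess {

    record Ticket(String number, String ownerId, String details) {}

    // Constructed sample data standing in for the ticket table.
    private static final Map<String, Ticket> TICKETS = Map.of(
        "T-1001", new Ticket("T-1001", "alice", "Printer on floor 3 is jammed"),
        "T-1002", new Ticket("T-1002", "bob", "VPN token expired"));

    /**
     * Returns the ticket only if the authenticated user owns it.
     * sessionUserId must be read from the server-side session, never from
     * a request parameter, hidden field or anything else the browser sends.
     */
    static Optional<Ticket> findForUser(String sessionUserId, String ticketNumber) {
        if (sessionUserId == null || ticketNumber == null) {
            return Optional.empty();
        }
        Ticket t = TICKETS.get(ticketNumber);
        // Same empty result for "no such ticket" and "not your ticket", so
        // the response does not reveal which ticket numbers exist.
        if (t == null || !t.ownerId().equals(sessionUserId)) {
            return Optional.empty();
        }
        return Optional.of(t);
    }

    // Maps the lookup to what the endpoint would send back to the page.
    static String respond(String sessionUserId, String ticketNumber) {
        return findForUser(sessionUserId, ticketNumber)
            .map(Ticket::details)
            .orElse("404 Not Found");
    }

    public static void main(String[] args) {
        // The owner asks for her own ticket.
        System.out.println(respond("alice", "T-1001"));
        // The same user calls the function with someone else's ticket number.
        System.out.println(respond("alice", "T-1002"));
        // A request with no authenticated session.
        System.out.println(respond(null, "T-1001"));
    }
}
```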
