0

What is the benefit of some websites inserting a <script></script> tag within the HTML with basic logged-in user data? This is one example:

<script>
    Shopify = {};
    Shopify.shop = {
      settings: {"timezone":"(GMT+08:00) Kuala Lumpur","timezone_offset":480,"timezone_abbreviation":"MYT","tzinfo":"Asia\/Kuala_Lumpur","currency":"MYR","money_format":"\u003cspan class=money\u003eRM{{amount}}\u003c\/span\u003e","money_symbol":"RM","money_with_currency_format":"\u003cspan class=money\u003eRM{{amount}}\u003c\/span\u003e","created_at":"2014-08-15T12:19:28+08:00"},
      domain: "shop.myshop.com"
    };
    Shopify.currentUser = {"id":xxxx,"name":"Joe Doe","email":"[email protected]","accountOwner":true,"accountAccess":"Account owner","permissions":["full"],"isEmployee":false};
  </script>

How does this method work? Thanks!!

4
  • Do a search for Shopify.shop and Shopify.currentUser in the rest of the JS code. That'll show you how it's likely being used. Commented Sep 20, 2015 at 14:20
  • So that the global variables in the script can be used from other script code Commented Sep 20, 2015 at 14:20
  • Shopify has been declared as a global variable, so any script has access to it. It is for storing data. Commented Sep 20, 2015 at 14:20
  • @AdrianLynch only one script mentions Shopify.shop, but it doesn't show how they initialize the data and inject it into the HTML. Commented Sep 20, 2015 at 14:23

2 Answers

1

Let's go over this JavaScript snippet and see what it does:

Shopify = {};

This defines an empty global object called Shopify.

Shopify.shop = {
  settings: {"timezone":"(GMT+08:00) Kuala Lumpur","timezone_offset":480,"timezone_abbreviation":"MYT","tzinfo":"Asia\/Kuala_Lumpur","currency":"MYR","money_format":"\u003cspan class=money\u003eRM{{amount}}\u003c\/span\u003e","money_symbol":"RM","money_with_currency_format":"\u003cspan class=money\u003eRM{{amount}}\u003c\/span\u003e","created_at":"2014-08-15T12:19:28+08:00"},
  domain: "shop.myshop.com"
};

Here, a member called shop is defined within the object Shopify. This member is also an object (defined within the curly brackets) that contains two members:

settings - which is also an object that contains the timezone, timezone_offset and some other properties in it.

domain - which is a string that holds a domain name in it.

Shopify.currentUser = {"id":xxxx,"name":"Joe Doe","email":"[email protected]","accountOwner":true,"accountAccess":"Account owner","permissions":["full"],"isEmployee":false};

This last line also defines a member called currentUser within the global object Shopify. It is also an object, and it contains some properties with information about (most likely) the logged-in user.

So basically this whole JavaScript code snippet is used to generate an object called Shopify that contains some user information that will be accessible by some script(s) in the page itself.

This code is most likely generated by the page itself, using a server-side script that probably has access to this information. When JavaScript code in a page needs access to private information, this is usually one of the approaches taken to achieve this.
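How a server-side template might emit a block like the one in the question, as an added example that is not part of the original answer and not Shopify's code. It serializes the data as JSON and escapes <, > and & in the style of the \u003c sequences visible in the question's money_format, so a value containing </script> cannot end the script element early. The function names, the field allow-list and the sample data are assumptions.

```javascript
// Added example (not Shopify's code): build the inline bootstrap <script> on the server.

// Characters that must not appear raw inside an inline <script>:
//   "<" and ">"  could form "</script>" or "<!--" and end or confuse the element
//   "&"          matters when the document is parsed as XML/XHTML
//   U+2028/2029  were line terminators inside string literals before ES2019
const ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

// JSON.stringify alone does not escape "<", so post-process its output.
// The result is still valid JSON and a valid JavaScript expression.
function jsonForInlineScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch) => ESCAPES[ch]);
}

// Hypothetical allow-list: expose only the fields the page's scripts need.
const PUBLIC_USER_FIELDS = ['id', 'name', 'email', 'permissions'];

function pick(obj, keys) {
  const out = {};
  for (const k of keys) {
    if (Object.prototype.hasOwnProperty.call(obj, k)) out[k] = obj[k];
  }
  return out;
}

function renderBootstrapScript(shop, user) {
  return [
    '<script>',
    '  Shopify = {};',
    `  Shopify.shop = ${jsonForInlineScript(shop)};`,
    `  Shopify.currentUser = ${jsonForInlineScript(pick(user, PUBLIC_USER_FIELDS))};`,
    '</script>',
  ].join('\n');
}

// Constructed sample data; passwordHash stands in for any server-only field.
const sampleShop = { domain: 'shop.example.com', money_format: '<span class=money>RM{{amount}}</span>' };
const sampleUser = { id: 1, name: 'Joe </script> Doe', email: 'joe@example.com',
                     permissions: ['full'], passwordHash: 'server-only' };

const html = renderBootstrapScript(sampleShop, sampleUser);
console.log(html);
```

Anything placed in this block is readable by every script on the page and by anyone viewing the source, so the allow-list should contain only what the client is meant to see.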


1

In the above example, all the data stored in the global variable (Shopify.shop) is user-related information. This is the type of information that is always needed with a request; otherwise the logic would need to be re-executed to find that information.

It is a little bit complex to find the time zone of a user, because on the client side we only have the offset to work out the real time zone, and the problem is that some time zones share the same offset. In short, it is a little bit complex to find the time zone of a user, so we can store that type of information either in a session object on the server side or in a global variable, so that at form submission time we can get it easily.

But it is bad practice to have some client information in the source code, as in the above code. We should keep all information in a session object, to be on the safe side and avoid vulnerability issues.

Miki Berkovich has already given a full description of the code, so I don't think I need to describe it again here.
