Reverse-engineering a Dashboard Widget?

Is it possible?

I understand that Dashboard widgets are simply Javascript packaged up nicely, but is it possible to view the source of that Javascript?

I realise this might be a silly question, but before I create a Dashboard widget for my si开发者_StackOverflow中文版te accessing an API URL I don't want to be public yet, I'd just like to check.

And yes, I know I'm being paranoid! ;)

Jack

---

Yes, and no.

Yes, it is possible to view the widget Javascript. The script used to access your site's API would most definitely be visible (the URL has to go somewhere, right?). Anything that's available to the browser will be available to the user.

No, it may be possible to prevent reverse engineering. If you minimize and obfuscate the Javascript, it will be fairly difficult to see what its doing. Of course a determined attacker would always be able to reverse the minimization and obfuscation, given enough time, but it is up to you on whether you want to take that risk.