Front-End code exposed

Your code is running in someone else's browser, so they can do what they want with it. You should already know that the developer tools let you see the source code of a page. Using the Elements tab, you can modify the HTML/CSS. Using the console, you can run your own JavaScript or modify the page's JavaScript.

Overall, what can the user do?

Hidden fields

If you make a field hidden, it is only hidden from your average user; anyone else can easily change the value of the hidden field.

Example: you stored the ID of my account in the form used to edit my profile. What if I put someone else's ID in it? This ID should have been in $_SESSION in the first place, so that was a pretty bad move 😶.
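
The hidden-field mistake described above, next to the session-based fix, as an added PHP example (not code from the original page). The in-memory $profiles array, the field names user_id and bio, and both function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory stand-in for the users table.
$profiles = [
    1 => ['name' => 'alice', 'bio' => 'hello'],
    2 => ['name' => 'bob',   'bio' => 'hi'],
];

// Before: the account to edit is taken from a hidden form field,
// a value the person using the browser fully controls.
function updateProfileFromHiddenField(array $post, array &$profiles): bool
{
    $id = (int) ($post['user_id'] ?? 0);
    if (!isset($profiles[$id])) {
        return false;
    }
    $profiles[$id]['bio'] = (string) ($post['bio'] ?? '');
    return true;
}

// After: the account to edit is taken from the server-side session only.
// Any user_id sent by the client is ignored.
function updateProfileFromSession(array $session, array $post, array &$profiles): bool
{
    $id = $session['user_id'] ?? null;
    if (!is_int($id) || !isset($profiles[$id])) {
        return false; // no authenticated user in the session
    }
    $profiles[$id]['bio'] = (string) ($post['bio'] ?? '');
    return true;
}

// Constructed request: user 1 is logged in, but the submitted hidden field says 2.
$session = ['user_id' => 1];
$post    = ['user_id' => '2', 'bio' => 'changed'];

$before = $profiles; // work on copies so both runs start from the same data
updateProfileFromHiddenField($post, $before);
echo "hidden field: bob's bio = {$before[2]['bio']}\n";

$after = $profiles;
updateProfileFromSession($session, $post, $after);
echo "session:      bob's bio = {$after[2]['bio']}, alice's bio = {$after[1]['bio']}\n";
```

In a real handler, $session and $post would be $_SESSION and $_POST, with the session's user ID set at login.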

