In a production environment, are there any issues with including statements like
in a .js file?
Is there any way to keep someone from retrieving the file by simply reviewing page source and clicking on the src='/js/script_f1.js' to retrieve the file.
I guess my concern is disclosing directory structure and file names. Again, are there any issues with making those public?
Thought about doing it that way but wanted to verify there were no issues there. Thanks, I really appreciate the input.
Normally there are no issues. If you do have any concerns though, you can pass parameters to a centralised php file which will then fetch and return the data for you from a private location.
Even if you do that though, the content is the js file will still be publicly available. That's just the state of things, when you provide information that's to be run on a users local web browser.