I want to prevent access to files from my code editor

To go back to the question you originally asked, I should make one thing crystal clear: a HTML/Javascript based code editor does not enable anyone to access or modify any files on your account.

HTML code is rendered in the browser of the visitor. Any visitor can open the Developer Tools in their browser and modify the HTML code shown. However, this only affects the current page they are seeing. There is no way for them to update the code that’s stored on the server and sent to other visitors, so there is no risk.

There is no inherent way for web browsers to read or modify source code on the server. So any code that runs in the web browser cannot read or modify files on your site.

The only way people could modify files on your site is if you have PHP code on your site that enables them to do so. PHP runs on the server so it can be used to modify files on the server. So if you have code that allows people to run their PHP code on your website, or allows them to request your PHP code to read or write arbitrary files from the server storage, then you are at risk.

If you have no PHP code that could ever do such a thing, then there is zero risk.

If you do have PHP code that people could use to read files and write files through PHP, or run their own code, then you are at risk. But the only way to fix that is to secure your PHP code. There is no way to secure this through HTML, Javascript or .htaccess rules.

So please check for yourself if there is any PHP code that could allow people to make changes to your files. If you’re not sure, please share the relevant code here.

And to be clear: none of the code you’ve shared so far could ever create such a vulnerability. HTML code cannot make your site vulnerable.

The specific code you shared here only prevents third party embedding of assets on your site. However, that’s already the case by default. And if people can download or modify your files now, then these .htaccess rules will do nothing at all to stop it.

8 Likes