Is data injected into an HTTPS POST response secure from the client? [closed]

When developing web apps it's often common practice to inject variables into, and reference them from, a current POST request - for example, Laravel's merge() helper exists to do exactly this - and it's easier to do this and pass the variables through with the response than to do so separately.

If I inject data into my HTTPS POST requests/responses in this way and then pass that response back to the view, can these variables be considered secure, or are they able to be seen on the client-side?

I'm questioning this right now because I recently read somewhere that HTTPS requests are only encrypted in transit (as opposed to end-to-end) in order to prevent MITM attacks, which seems to imply that they are unencrypted on the ends themselves. If this is true, it would mean that the user is able to see them on the client-side, making data sent to them insecure.



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
