Hiding .js

KHaled · Oct 12, 2004

Greetings all..

I would like to hide my javascript code from "view source code"
option in browsers. Is there a way of protecting the code ?

TIA,
KH.

Michael Winter · Oct 12, 2004

I would like to hide my javascript code from "view source code" option
in browsers. Is there a way of protecting the code ?

No.

Mike

Fred Oz · Oct 12, 2004

KHaled said:
Greetings all..

I would like to hide my javascript code from "view source code"
option in browsers. Is there a way of protecting the code ?

TIA,
KH.

There are ways of obfuscating it, like replacing meaningful function and
variable names with random strings of characters, abbreviating code as
much as possible, etc. There are even encoding methods that require the
JS be unencoded before being executed.

I wonder if the maintenance nightmare so created is worth the effort.

But what's the point? There are a zillion lines of JS, HTML, CSS, etc.
available, is yours sooo precious that everyone will steal it? What
earth shattering new program have you written? Is someone going to
steal your code and make the gazillion dollars you should have made?

Just put your marvelous code into a .js file and 99.999% of web surfers
will never, ever look at it.

Lee · Oct 12, 2004

Fred Oz said:

Just put your marvelous code into a .js file and 99.999% of web surfers
will never, ever look at it.

Just don't use this method to protect passwords or other sensitive client
information.

Hywel · Oct 12, 2004

Fred Oz said:

Just don't use this method to protect passwords or other sensitive client
information.

Why would *any* passwords or client-sensitive information be stored in a
file that goes to the client in plain text? That's plain dumb.

Douglas Crockford · Oct 12, 2004

Just put your marvelous code into a .js file and 99.999% of web surfers

Obfuscation/abbreviation as well as encoding the
file makes it a teensy bit harder to crack.

No amount of obfuscation can improve a really bad design. The best you
can hope to accomplish is to hide from your employers just how bad your
work really is.

http://www.crockford.com/#javascript

Fred Oz · Oct 12, 2004

Andrew said:
Obfuscation/abbreviation as well as encoding the
file makes it a teensy bit harder to crack.

Yes, that's what I meant but didn't say - obfuscation just makes the
code more difficult for a human to read, it doesn't apply any
meaningful encryption and in no way "protects" the code. But that
doesn't stop people selling products that do it.

Fred.

KHaled · Oct 13, 2004

01.iinet.net
..au:

Yes, the only thing that I am trying to do is avoid an iffy
client ripping of the code before he pays for it..

As things worked out, after seeing an image of a prototype
that I had developed, and after I asked him for specific
information pertaining to his needs I got no response, so I
assume we don't have a deal..

My sense was that he is a script kiddie who wanted to see how
I would do things..

For the record, I based my script on publicly available
scripts from www.dyn-web.com An amazing collection !!

Regards,
KHaled.

Patrick Savelberg · Oct 13, 2004

Hello,

I have a possible solution for protecting javascript .js files. For this to
work you need a scripting language on the server. I used PHP.

1. The script.js file is renamed to script.php. Ofcourse all references to
the .js file in all your HTML files will have to be changed in .php too.
2. at the top of the script.php add folowing lines:

<?PHP
$domain = "http://www.yourdomain.com/"
$pos = strpos($_SERVER['HTTP_REFERER'], $domain);
if($pos === false) {
die();
}
?>

What it does is that the script checks by whom it has been refered. If it
has been refered from an html page on our domain then the
$_SERVER['HTTP_REFERER'] variable would contain our domain ($domain). If a
user viewed our html source he would notice the location of the JS source
with a .php extension. If he would try to enter the url manualy in the
browser the referer wouldn't be from our domain and the script simply dies,
sending no javascript to the client.

Michael Winter · Oct 13, 2004

[snip]

What it does is that the script checks by whom it has been refered. If
it has been refered from an html page on our domain then the
$_SERVER['HTTP_REFERER'] variable would contain our domain ($domain). If
a user viewed our html source he would notice the location of the JS
source with a .php extension. If he would try to enter the url manualy
in the browser the referer wouldn't be from our domain and the script
simply dies, sending no javascript to the client.

That doesn't prevent me from retreiving the script from my cache. Combine
that with the fact that a user agent isn't required to send a referrer
header, causing a failure for legitimate users, this seems to be a stupid
idea.

You CANNOT prevent me viewing a script. You can make it difficult, but if
I'm really that determined, there is nothing to stop me. However,
considering the quality of most scripts on the Web, there are very few
authors that would create that kind of interest.

[snip]

Mike

Randy Webb · Oct 13, 2004

Patrick said:
Hello,

I have a possible solution for protecting javascript .js files. For this to
work you need a scripting language on the server. I used PHP.

1. The script.js file is renamed to script.php. Ofcourse all references to
the .js file in all your HTML files will have to be changed in .php too.
2. at the top of the script.php add folowing lines:

<?PHP
$domain = "http://www.yourdomain.com/"
$pos = strpos($_SERVER['HTTP_REFERER'], $domain);
if($pos === false) {
die();
}
?>

What it does is that the script checks by whom it has been refered. If it
has been refered from an html page on our domain then the
$_SERVER['HTTP_REFERER'] variable would contain our domain ($domain). If a
user viewed our html source he would notice the location of the JS source
with a .php extension. If he would try to enter the url manualy in the
browser the referer wouldn't be from our domain and the script simply dies,
sending no javascript to the client.

Put that on a page. Then, run this bookmarklet from the taskbar in IE,
and there is the script. Doesn't even require View>Source, it will
display in the browser.

javascript:'<code><ol><li>'+(document.documentElement||document.body).outerHTML.replace(/&/g,"&").replace(/</g,"<").replace(/%20%20/g," %20").replace(/\n/g,"<li>")+'<\/ol><\/code>';

It is even numbered for you. So, how does the referrer have anything to
do with stopping that?

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq
Answer:It destroys the order of the conversation
Question: Why?
Answer: Top-Posting.
Question: Whats the most annoying thing on Usenet?

Philip Ronan · Oct 13, 2004

Put that on a page. Then, run this bookmarklet from the taskbar in IE,
and there is the script. Doesn't even require View>Source, it will
display in the browser.

javascript:'<code><ol><li>'+(document.documentElement||document.body).outerHTM
L.replace(/&/g,"&").replace(/</g,"<").replace(/%20%20/g," %20").re
place(/\n/g,"<li>")+'<\/ol><\/code>';

It is even numbered for you. So, how does the referrer have anything to
do with stopping that?

That's neat

Can I just suggest changing
replace(/\n/g,"<li>")
to
replace(/(\n\r?)|\r/g,"<li>")
to accommodate different kinds of line break (on my Mac everything ends up
on one line otherwise).

This is what I ended up with:

javascript:'<code><ol><li>'+(document.documentElement||document.body).outerH
TML.replace(/&/g,"&").replace(/</g,"<").replace(/%20%20/g," %20"
).replace(/(\n\r?|\r)/g,"<li>")+'<\/ol><\/code>';

Phil

Philip Ronan · Oct 13, 2004

Can anybody suggest a way to 'plant' those as href's in a web-page
in such a way that a random user can add them to their favorites?
I had a play with doing Randy's version, and got it all messed up,
though I was able to get in into my own favorites OK.

Using Javascript to add bookmarks is rather unreliable. I think the best
approach would be to just wrap these scripts into ordinary links like this:

<A href="javascript:...">Right-click on this link and select "Add to
Favorites"</A>

Phil

Randy Webb · Oct 15, 2004

Philip said:
Using Javascript to add bookmarks is rather unreliable. I think the best
approach would be to just wrap these scripts into ordinary links like this:

Typically, I would agree with you. But this is a very unusual exception
that needs a little more to it.

<A href="javascript:...">Right-click on this link and select "Add to
Favorites"</A>

Right Click on this link and select "Add to Favorites" and change the
name of the link, and it only works in IE as written.

The best solution would be to simply put the bookmarklet on a page and
let people copy/paste it. But for that purpose, this one works better:

javascript:window.clipboardData.setData('text',document.documentElement.outerHTML);void%200

And then you simply paste it into a text editor. The first one numbers
the lines of source and displays it in the browser.

Javascript not hiding nested elements simultaneously	2	Apr 5, 2023
How can I hide a div using an event listener on multiple checkboxes?	6	Dec 23, 2022
New here, Javascript password protect site not working on mobile	3	Oct 12, 2021
External JS file question	5	Mar 5, 2021
How to display input options only after selecting an option from the 'select class' tag JS?	6	May 12, 2023
action_page.php form	2	Oct 25, 2020
Please help me to solve this JS problem	6	Aug 8, 2023
I want to Display Excel As HTML In js	2	Feb 24, 2023

Hiding .js

KHaled

Michael Winter

Fred Oz

Lee

Hywel

Douglas Crockford

Fred Oz

KHaled

Patrick Savelberg

Michael Winter

Randy Webb

Philip Ronan

Philip Ronan

Randy Webb

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads