Hiding .js

Discussion in 'Javascript' started by KHaled, Oct 12, 2004.

  1. KHaled

    KHaled Guest

    Greetings all..

    I would like to hide my javascript code from "view source code"
    option in browsers. Is there a way of protecting the code ?

    TIA,
    KH.
     
    KHaled, Oct 12, 2004
    #1
    1. Advertising

  2. On 12 Oct 2004 10:28:38 GMT, KHaled <> wrote:

    > I would like to hide my javascript code from "view source code" option
    > in browsers. Is there a way of protecting the code ?


    No.

    Mike

    --
    Michael Winter
    Replace ".invalid" with ".uk" to reply by e-mail.
     
    Michael Winter, Oct 12, 2004
    #2
    1. Advertising

  3. KHaled

    Fred Oz Guest

    KHaled wrote:
    > Greetings all..
    >
    > I would like to hide my javascript code from "view source code"
    > option in browsers. Is there a way of protecting the code ?
    >
    > TIA,
    > KH.


    There are ways of obfuscating it, like replacing meaningful function and
    variable names with random strings of characters, abbreviating code as
    much as possible, etc. There are even encoding methods that require the
    JS be unencoded before being executed.

    I wonder if the maintenance nightmare so created is worth the effort.

    But what's the point? There are a zillion lines of JS, HTML, CSS, etc.
    available, is yours sooo precious that everyone will steal it? What
    earth shattering new program have you written? Is someone going to
    steal your code and make the gazillion dollars you should have made?

    Just put your marvelous code into a .js file and 99.999% of web surfers
    will never, ever look at it.
     
    Fred Oz, Oct 12, 2004
    #3
  4. KHaled

    Lee Guest

    Fred Oz said:

    >Just put your marvelous code into a .js file and 99.999% of web surfers
    >will never, ever look at it.


    Just don't use this method to protect passwords or other sensitive client
    information.
     
    Lee, Oct 12, 2004
    #4
  5. KHaled

    Hywel Guest

    In article <>, Lee says...
    > Fred Oz said:
    >
    > >Just put your marvelous code into a .js file and 99.999% of web surfers
    > >will never, ever look at it.

    >
    > Just don't use this method to protect passwords or other sensitive client
    > information.


    Why would *any* passwords or client-sensitive information be stored in a
    file that goes to the client in plain text? That's plain dumb.

    --
    Hywel

    http://sponsorhywel.org.uk/
     
    Hywel, Oct 12, 2004
    #5
  6. >>>>Just put your marvelous code into a .js file and 99.999% of web surfers
    >>>>will never, ever look at it.


    >>>Just don't use this method to protect passwords or other sensitive client
    >>>information.


    >>Why would *any* passwords or client-sensitive information be stored in a
    >>file that goes to the client in plain text?


    >>That's plain dumb.


    > Obfuscation/abbreviation as well as encoding the
    > file makes it a teensy bit harder to crack.


    No amount of obfuscation can improve a really bad design. The best you
    can hope to accomplish is to hide from your employers just how bad your
    work really is.

    http://www.crockford.com/#javascript
     
    Douglas Crockford, Oct 12, 2004
    #6
  7. KHaled

    Fred Oz Guest

    Andrew Thompson wrote:

    > Obfuscation/abbreviation as well as encoding the
    > file makes it a teensy bit harder to crack.
    >


    Yes, that's what I meant but didn't say - obfuscation just makes the
    code more difficult for a human to read, it doesn't apply any
    meaningful encryption and in no way "protects" the code. But that
    doesn't stop people selling products that do it.

    Fred.
     
    Fred Oz, Oct 12, 2004
    #7
  8. KHaled

    KHaled Guest

    Fred Oz <> wrote in
    news:416bcb93$0$25485$5a62ac22@per-qv1-newsreader-
    01.iinet.net
    ..au:

    Yes, the only thing that I am trying to do is avoid an iffy
    client ripping of the code before he pays for it..

    As things worked out, after seeing an image of a prototype
    that I had developed, and after I asked him for specific
    information pertaining to his needs I got no response, so I
    assume we don't have a deal..

    My sense was that he is a script kiddie who wanted to see how
    I would do things..

    For the record, I based my script on publicly available
    scripts from www.dyn-web.com An amazing collection !!

    Regards,
    KHaled.
     
    KHaled, Oct 13, 2004
    #8
  9. Hello,

    I have a possible solution for protecting javascript .js files. For this to
    work you need a scripting language on the server. I used PHP.

    1. The script.js file is renamed to script.php. Ofcourse all references to
    the .js file in all your HTML files will have to be changed in .php too.
    2. at the top of the script.php add folowing lines:

    <?PHP
    $domain = "http://www.yourdomain.com/"
    $pos = strpos($_SERVER['HTTP_REFERER'], $domain);
    if($pos === false) {
    die();
    }
    ?>

    What it does is that the script checks by whom it has been refered. If it
    has been refered from an html page on our domain then the
    $_SERVER['HTTP_REFERER'] variable would contain our domain ($domain). If a
    user viewed our html source he would notice the location of the JS source
    with a .php extension. If he would try to enter the url manualy in the
    browser the referer wouldn't be from our domain and the script simply dies,
    sending no javascript to the client.


    "KHaled" <> schreef in bericht
    news:Xns95807E7A4B8E6khaledlocalhost@130.133.1.4...
    > Greetings all..
    >
    > I would like to hide my javascript code from "view source code"
    > option in browsers. Is there a way of protecting the code ?
    >
    > TIA,
    > KH.
     
    Patrick Savelberg, Oct 13, 2004
    #9
  10. On Wed, 13 Oct 2004 10:21:38 +0200, Patrick Savelberg <>
    wrote:

    [snip]

    > What it does is that the script checks by whom it has been refered. If
    > it has been refered from an html page on our domain then the
    > $_SERVER['HTTP_REFERER'] variable would contain our domain ($domain). If
    > a user viewed our html source he would notice the location of the JS
    > source with a .php extension. If he would try to enter the url manualy
    > in the browser the referer wouldn't be from our domain and the script
    > simply dies, sending no javascript to the client.


    That doesn't prevent me from retreiving the script from my cache. Combine
    that with the fact that a user agent isn't required to send a referrer
    header, causing a failure for legitimate users, this seems to be a stupid
    idea.

    You CANNOT prevent me viewing a script. You can make it difficult, but if
    I'm really that determined, there is nothing to stop me. However,
    considering the quality of most scripts on the Web, there are very few
    authors that would create that kind of interest.

    [snip]

    Mike

    --
    Michael Winter
    Replace ".invalid" with ".uk" to reply by e-mail.
     
    Michael Winter, Oct 13, 2004
    #10
  11. KHaled

    Randy Webb Guest

    Patrick Savelberg wrote:

    > Hello,
    >
    > I have a possible solution for protecting javascript .js files. For this to
    > work you need a scripting language on the server. I used PHP.
    >
    > 1. The script.js file is renamed to script.php. Ofcourse all references to
    > the .js file in all your HTML files will have to be changed in .php too.
    > 2. at the top of the script.php add folowing lines:
    >
    > <?PHP
    > $domain = "http://www.yourdomain.com/"
    > $pos = strpos($_SERVER['HTTP_REFERER'], $domain);
    > if($pos === false) {
    > die();
    > }
    > ?>
    >
    > What it does is that the script checks by whom it has been refered. If it
    > has been refered from an html page on our domain then the
    > $_SERVER['HTTP_REFERER'] variable would contain our domain ($domain). If a
    > user viewed our html source he would notice the location of the JS source
    > with a .php extension. If he would try to enter the url manualy in the
    > browser the referer wouldn't be from our domain and the script simply dies,
    > sending no javascript to the client.


    Put that on a page. Then, run this bookmarklet from the taskbar in IE,
    and there is the script. Doesn't even require View>Source, it will
    display in the browser.

    javascript:'<code><ol><li>'+(document.documentElement||document.body).outerHTML.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/%20%20/g,"&nbsp;%20").replace(/\n/g,"<li>")+'<\/ol><\/code>';

    It is even numbered for you. So, how does the referrer have anything to
    do with stopping that?

    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq
    Answer:It destroys the order of the conversation
    Question: Why?
    Answer: Top-Posting.
    Question: Whats the most annoying thing on Usenet?
     
    Randy Webb, Oct 13, 2004
    #11
  12. KHaled

    Philip Ronan Guest

    On 13/10/04 12:42 pm, Randy Webb wrote:

    > Put that on a page. Then, run this bookmarklet from the taskbar in IE,
    > and there is the script. Doesn't even require View>Source, it will
    > display in the browser.
    >
    > javascript:'<code><ol><li>'+(document.documentElement||document.body).outerHTM
    > L.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/%20%20/g,"&nbsp;%20").re
    > place(/\n/g,"<li>")+'<\/ol><\/code>';
    >
    > It is even numbered for you. So, how does the referrer have anything to
    > do with stopping that?


    That's neat :)

    Can I just suggest changing
    replace(/\n/g,"<li>")
    to
    replace(/(\n\r?)|\r/g,"<li>")
    to accommodate different kinds of line break (on my Mac everything ends up
    on one line otherwise).

    This is what I ended up with:

    javascript:'<code><ol><li>'+(document.documentElement||document.body).outerH
    TML.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/%20%20/g,"&nbsp;%20"
    ).replace(/(\n\r?|\r)/g,"<li>")+'<\/ol><\/code>';

    Phil
    --
    Philip Ronan

    (Please remove the "z"s if replying by email)
     
    Philip Ronan, Oct 13, 2004
    #12
  13. KHaled

    Philip Ronan Guest

    On 13/10/04 1:13 pm, Andrew Thompson wrote:

    > Can anybody suggest a way to 'plant' those as href's in a web-page
    > in such a way that a random user can add them to their favorites?
    > I had a play with doing Randy's version, and got it all messed up,
    > though I was able to get in into my own favorites OK.


    Using Javascript to add bookmarks is rather unreliable. I think the best
    approach would be to just wrap these scripts into ordinary links like this:

    <A href="javascript:...">Right-click on this link and select "Add to
    Favorites"</A>

    Phil

    --
    Philip Ronan

    (Please remove the "z"s if replying by email)
     
    Philip Ronan, Oct 13, 2004
    #13
  14. KHaled

    Randy Webb Guest

    Philip Ronan wrote:
    > On 13/10/04 1:13 pm, Andrew Thompson wrote:
    >
    >
    >>Can anybody suggest a way to 'plant' those as href's in a web-page
    >>in such a way that a random user can add them to their favorites?
    >>I had a play with doing Randy's version, and got it all messed up,
    >>though I was able to get in into my own favorites OK.

    >
    >
    > Using Javascript to add bookmarks is rather unreliable. I think the best
    > approach would be to just wrap these scripts into ordinary links like this:


    Typically, I would agree with you. But this is a very unusual exception
    that needs a little more to it.

    > <A href="javascript:...">Right-click on this link and select "Add to
    > Favorites"</A>


    Right Click on this link and select "Add to Favorites" and change the
    name of the link, and it only works in IE as written.

    The best solution would be to simply put the bookmarklet on a page and
    let people copy/paste it. But for that purpose, this one works better:

    javascript:window.clipboardData.setData('text',document.documentElement.outerHTML);void%200

    And then you simply paste it into a text editor. The first one numbers
    the lines of source and displays it in the browser.



    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq
     
    Randy Webb, Oct 15, 2004
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David Jones

    Hiding of subprogram designators

    David Jones, Nov 17, 2003, in forum: VHDL
    Replies:
    1
    Views:
    582
    Alan Fitch
    Nov 18, 2003
  2. Brahmam
    Replies:
    3
    Views:
    569
    Francois Beaussier
    Jan 11, 2006
  3. Paul
    Replies:
    0
    Views:
    316
  4. John
    Replies:
    2
    Views:
    472
    William F. Robertson, Jr.
    Jul 2, 2003
  5. Ste
    Replies:
    41
    Views:
    840
    Thomas 'PointedEars' Lahn
    Aug 1, 2007
Loading...

Share This Page