Hiding .js

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • KHaled

    Hiding .js

    Greetings all..

    I would like to hide my javascript code from "view source code"
    option in browsers. Is there a way of protecting the code ?

    TIA,
    KH.
  • Michael Winter

    #2
    Re: Hiding .js

    On 12 Oct 2004 10:28:38 GMT, KHaled <me@localhost.h ome> wrote:
    [color=blue]
    > I would like to hide my javascript code from "view source code" option
    > in browsers. Is there a way of protecting the code ?[/color]

    No.

    Mike

    --
    Michael Winter
    Replace ".invalid" with ".uk" to reply by e-mail.

    Comment

    • Andrew Thompson

      #3
      Re: Hiding .js

      On 12 Oct 2004 10:28:38 GMT, KHaled wrote:
      [color=blue]
      > I would like to hide my javascript code from "view source code"
      > option in browsers.[/color]

      Is it truly that bad? *
      [color=blue]
      >...Is there a way of protecting the code ?[/color]

      Two answers..
      a) No.
      b) Yes. Assuming you don't upload it in the first place.

      * Based on the tenet - "The desire to hide code increases
      with inverse proportion to it's quality."

      --
      Andrew Thompson
      http://www.PhySci.org/codes/ Web & IT Help
      http://www.PhySci.org/ Open-source software suite
      http://www.1point1C.org/ Science & Technology
      http://www.lensescapes.com/ Images that escape the mundane

      Comment

      • Fred Oz

        #4
        Re: Hiding .js

        KHaled wrote:[color=blue]
        > Greetings all..
        >
        > I would like to hide my javascript code from "view source code"
        > option in browsers. Is there a way of protecting the code ?
        >
        > TIA,
        > KH.[/color]

        There are ways of obfuscating it, like replacing meaningful function and
        variable names with random strings of characters, abbreviating code as
        much as possible, etc. There are even encoding methods that require the
        JS be unencoded before being executed.

        I wonder if the maintenance nightmare so created is worth the effort.

        But what's the point? There are a zillion lines of JS, HTML, CSS, etc.
        available, is yours sooo precious that everyone will steal it? What
        earth shattering new program have you written? Is someone going to
        steal your code and make the gazillion dollars you should have made?

        Just put your marvelous code into a .js file and 99.999% of web surfers
        will never, ever look at it.

        Comment

        • Lee

          #5
          Re: Hiding .js

          Fred Oz said:
          [color=blue]
          >Just put your marvelous code into a .js file and 99.999% of web surfers
          >will never, ever look at it.[/color]

          Just don't use this method to protect passwords or other sensitive client
          information.

          Comment

          • Hywel

            #6
            Re: Hiding .js

            In article <ckgq4808h8@drn .newsguy.com>, Lee says...[color=blue]
            > Fred Oz said:
            >[color=green]
            > >Just put your marvelous code into a .js file and 99.999% of web surfers
            > >will never, ever look at it.[/color]
            >
            > Just don't use this method to protect passwords or other sensitive client
            > information.[/color]

            Why would *any* passwords or client-sensitive information be stored in a
            file that goes to the client in plain text? That's plain dumb.

            --
            Hywel


            Comment

            • Andrew Thompson

              #7
              Re: Hiding .js

              On Tue, 12 Oct 2004 17:58:13 +0100, Hywel wrote:
              [color=blue]
              > In article <ckgq4808h8@drn .newsguy.com>, Lee says...[color=green]
              >> Fred Oz said:
              >>[color=darkred]
              >>>Just put your marvelous code into a .js file and 99.999% of web surfers
              >>>will never, ever look at it.[/color]
              >>
              >> Just don't use this method to protect passwords or other sensitive client
              >> information.[/color]
              >
              > Why would *any* passwords or client-sensitive information be stored in a
              > file that goes to the client in plain text?[/color]

              Fred also mentioned..[color=blue][color=green][color=darkred]
              >>> There are even encoding methods that require the
              >>> JS be unencoded before being executed.[/color][/color][/color]
              [color=blue]
              > That's plain dumb.[/color]

              Obfuscation/abbreviation as well as encoding the
              file makes it a teensy bit harder to crack.

              --
              Andrew Thompson
              http://www.PhySci.org/codes/ Web & IT Help
              http://www.PhySci.org/ Open-source software suite
              http://www.1point1C.org/ Science & Technology
              http://www.lensescapes.com/ Images that escape the mundane

              Comment

              • Douglas Crockford

                #8
                Re: Hiding .js

                >>>>Just put your marvelous code into a .js file and 99.999% of web surfers[color=blue][color=green][color=darkred]
                >>>>will never, ever look at it.[/color][/color][/color]
                [color=blue][color=green][color=darkred]
                >>>Just don't use this method to protect passwords or other sensitive client
                >>>informatio n.[/color][/color][/color]
                [color=blue][color=green]
                >>Why would *any* passwords or client-sensitive information be stored in a
                >>file that goes to the client in plain text?[/color][/color]
                [color=blue][color=green]
                >>That's plain dumb.[/color][/color]
                [color=blue]
                > Obfuscation/abbreviation as well as encoding the
                > file makes it a teensy bit harder to crack.[/color]

                No amount of obfuscation can improve a really bad design. The best you
                can hope to accomplish is to hide from your employers just how bad your
                work really is.


                Comment

                • Fred Oz

                  #9
                  Re: Hiding .js

                  Andrew Thompson wrote:
                  [color=blue]
                  > Obfuscation/abbreviation as well as encoding the
                  > file makes it a teensy bit harder to crack.
                  >[/color]

                  Yes, that's what I meant but didn't say - obfuscation just makes the
                  code more difficult for a human to read, it doesn't apply any
                  meaningful encryption and in no way "protects" the code. But that
                  doesn't stop people selling products that do it.

                  Fred.

                  Comment

                  • KHaled

                    #10
                    Re: Hiding .js

                    Fred Oz <ozfred@iinet.n et.au> wrote in
                    news:416bcb93$0 $25485$5a62ac22 @per-qv1-newsreader-
                    01.iinet.net
                    ..au:

                    Yes, the only thing that I am trying to do is avoid an iffy
                    client ripping of the code before he pays for it..

                    As things worked out, after seeing an image of a prototype
                    that I had developed, and after I asked him for specific
                    information pertaining to his needs I got no response, so I
                    assume we don't have a deal..

                    My sense was that he is a script kiddie who wanted to see how
                    I would do things..

                    For the record, I based my script on publicly available
                    scripts from www.dyn-web.com An amazing collection !!

                    Regards,
                    KHaled.

                    Comment

                    • Patrick Savelberg

                      #11
                      Re: Hiding .js

                      Hello,

                      I have a possible solution for protecting javascript .js files. For this to
                      work you need a scripting language on the server. I used PHP.

                      1. The script.js file is renamed to script.php. Ofcourse all references to
                      the .js file in all your HTML files will have to be changed in .php too.
                      2. at the top of the script.php add folowing lines:

                      <?PHP
                      $domain = "http://www.yourdomain. com/"
                      $pos = strpos($_SERVER['HTTP_REFERER'], $domain);
                      if($pos === false) {
                      die();
                      }
                      ?>

                      What it does is that the script checks by whom it has been refered. If it
                      has been refered from an html page on our domain then the
                      $_SERVER['HTTP_REFERER'] variable would contain our domain ($domain). If a
                      user viewed our html source he would notice the location of the JS source
                      with a .php extension. If he would try to enter the url manualy in the
                      browser the referer wouldn't be from our domain and the script simply dies,
                      sending no javascript to the client.


                      "KHaled" <me@localhost.h ome> schreef in bericht
                      news:Xns95807E7 A4B8E6khaledloc alhost@130.133. 1.4...[color=blue]
                      > Greetings all..
                      >
                      > I would like to hide my javascript code from "view source code"
                      > option in browsers. Is there a way of protecting the code ?
                      >
                      > TIA,
                      > KH.[/color]


                      Comment

                      • Michael Winter

                        #12
                        Re: Hiding .js

                        On Wed, 13 Oct 2004 10:21:38 +0200, Patrick Savelberg <psavelberg@hom e.nl>
                        wrote:

                        [snip]
                        [color=blue]
                        > What it does is that the script checks by whom it has been refered. If
                        > it has been refered from an html page on our domain then the
                        > $_SERVER['HTTP_REFERER'] variable would contain our domain ($domain). If
                        > a user viewed our html source he would notice the location of the JS
                        > source with a .php extension. If he would try to enter the url manualy
                        > in the browser the referer wouldn't be from our domain and the script
                        > simply dies, sending no javascript to the client.[/color]

                        That doesn't prevent me from retreiving the script from my cache. Combine
                        that with the fact that a user agent isn't required to send a referrer
                        header, causing a failure for legitimate users, this seems to be a stupid
                        idea.

                        You CANNOT prevent me viewing a script. You can make it difficult, but if
                        I'm really that determined, there is nothing to stop me. However,
                        considering the quality of most scripts on the Web, there are very few
                        authors that would create that kind of interest.

                        [snip]

                        Mike

                        --
                        Michael Winter
                        Replace ".invalid" with ".uk" to reply by e-mail.

                        Comment

                        • Randy Webb

                          #13
                          Re: Hiding .js

                          Patrick Savelberg wrote:
                          [color=blue]
                          > Hello,
                          >
                          > I have a possible solution for protecting javascript .js files. For this to
                          > work you need a scripting language on the server. I used PHP.
                          >
                          > 1. The script.js file is renamed to script.php. Ofcourse all references to
                          > the .js file in all your HTML files will have to be changed in .php too.
                          > 2. at the top of the script.php add folowing lines:
                          >
                          > <?PHP
                          > $domain = "http://www.yourdomain. com/"
                          > $pos = strpos($_SERVER['HTTP_REFERER'], $domain);
                          > if($pos === false) {
                          > die();
                          > }
                          > ?>
                          >
                          > What it does is that the script checks by whom it has been refered. If it
                          > has been refered from an html page on our domain then the
                          > $_SERVER['HTTP_REFERER'] variable would contain our domain ($domain). If a
                          > user viewed our html source he would notice the location of the JS source
                          > with a .php extension. If he would try to enter the url manualy in the
                          > browser the referer wouldn't be from our domain and the script simply dies,
                          > sending no javascript to the client.[/color]

                          Put that on a page. Then, run this bookmarklet from the taskbar in IE,
                          and there is the script. Doesn't even require View>Source, it will
                          display in the browser.

                          javascript:'<co de><ol><li>'+(d ocument.documen tElement||docum ent.body).outer HTML.replace(/&/g,"&amp;").repl ace(/</g,"&lt;").repla ce(/%20%20/g,"&nbsp;%20"). replace(/\n/g,"<li>")+'<\/ol><\/code>';

                          It is even numbered for you. So, how does the referrer have anything to
                          do with stopping that?

                          --
                          Randy
                          comp.lang.javas cript FAQ - http://jibbering.com/faq
                          Answer:It destroys the order of the conversation
                          Question: Why?
                          Answer: Top-Posting.
                          Question: Whats the most annoying thing on Usenet?

                          Comment

                          • Philip Ronan

                            #14
                            Re: Hiding .js

                            On 13/10/04 12:42 pm, Randy Webb wrote:
                            [color=blue]
                            > Put that on a page. Then, run this bookmarklet from the taskbar in IE,
                            > and there is the script. Doesn't even require View>Source, it will
                            > display in the browser.
                            >
                            > javascript:'<co de><ol><li>'+(d ocument.documen tElement||docum ent.body).outer HTM
                            > L.replace(/&/g,"&amp;").repl ace(/</g,"&lt;").repla ce(/%20%20/g,"&nbsp;%20"). re
                            > place(/\n/g,"<li>")+'<\/ol><\/code>';
                            >
                            > It is even numbered for you. So, how does the referrer have anything to
                            > do with stopping that?[/color]

                            That's neat :-)

                            Can I just suggest changing
                            replace(/\n/g,"<li>")
                            to
                            replace(/(\n\r?)|\r/g,"<li>")
                            to accommodate different kinds of line break (on my Mac everything ends up
                            on one line otherwise).

                            This is what I ended up with:

                            javascript:'<co de><ol><li>'+(d ocument.documen tElement||docum ent.body).outer H
                            TML.replace(/&/g,"&amp;").repl ace(/</g,"&lt;").repla ce(/%20%20/g,"&nbsp;%20"
                            ).replace(/(\n\r?|\r)/g,"<li>")+'<\/ol><\/code>';

                            Phil
                            --
                            Philip Ronan
                            phil.ronanzzz@v irgin.net
                            (Please remove the "z"s if replying by email)


                            Comment

                            • Andrew Thompson

                              #15
                              Re: Hiding .js

                              On Wed, 13 Oct 2004 12:53:40 +0100, Philip Ronan wrote:

                              (Randy webb)[color=blue][color=green]
                              >> javascript:'<co de><ol><li>'+(d ocument.documen tElement||docum ent.body).outer HTM
                              >> L.replace(/&/g,"&amp;").repl ace(/</g,"&lt;").repla ce(/%20%20/g,"&nbsp;%20"). re
                              >> place(/\n/g,"<li>")+'<\/ol><\/code>';[/color][/color]
                              ....[color=blue]
                              > That's neat :-)[/color]

                              I could not agree more.
                              [color=blue]
                              > javascript:'<co de><ol><li>'+(d ocument.documen tElement||docum ent.body).outer H
                              > TML.replace(/&/g,"&amp;").repl ace(/</g,"&lt;").repla ce(/%20%20/g,"&nbsp;%20"
                              > ).replace(/(\n\r?|\r)/g,"<li>")+'<\/ol><\/code>';[/color]

                              Can anybody suggest a way to 'plant' those as href's in a web-page
                              in such a way that a random user can add them to their favorites?
                              I had a play with doing Randy's version, and got it all messed up,
                              though I was able to get in into my own favorites OK.

                              --
                              Andrew Thompson
                              http://www.PhySci.org/codes/ Web & IT Help
                              http://www.PhySci.org/ Open-source software suite
                              http://www.1point1C.org/ Science & Technology
                              http://www.lensescapes.com/ Images that escape the mundane

                              Comment

                              Working...