Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Hiding Javascript code
- Thread starter enak
- Start date
EdwardMartinIII
Technical User
Nate,
If faq216-355 doesn't help, then you can always try <body ViewSource="false">. It's really the most effective and simple thing you can do.
Cheers,
![[monkey]](/data/assets/smilies/monkey.gif "[monkey] [monkey]")
Edward
"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
If faq216-355 doesn't help, then you can always try <body ViewSource="false">. It's really the most effective and simple thing you can do.
Cheers,
Edward "Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
<body ViewSource="false">???
are you kidding? has no effect on my browsers.
=========================================================
try { succeed(); } catch(E) { tryAgain(); }
-jeff
are you kidding? has no effect on my browsers.
=========================================================
try { succeed(); } catch(E) { tryAgain(); }
-jeff
vilaishima
Programmer
the <!-- --> is only for hiding the javascript from HTML interpretation, which is only usefull for SE spiders.
If you dont let them view the source, they can still save the page to their pc and then edit it with an editor or even notepad.
The only way is to write your code on a seperate page and include it like this:
<script type="text/javascript" src="yourpage.js"></script>
hope it helps
If you dont let them view the source, they can still save the page to their pc and then edit it with an editor or even notepad.
The only way is to write your code on a seperate page and include it like this:
<script type="text/javascript" src="yourpage.js"></script>
hope it helps
EdwardMartinIII
Technical User
jemminger: are you kidding? has no effect on my browsers.
Well, if a pointer to an FAQ ain't gonna help, then I'll happily suggest a fictional, yet very real-sounding tag that will be exactly as effective as any other "trick" (ie: not-at-all), yet be easier to implement!
I guess an easier solution would be to write "Okay, I've already taken care of it. Alacazam -- you're JavaScript is encoded! You can see it, of course, because it's your code, but no one else can. And let this be our little secret..." Ah, the Mystery of Magic...![[infinity]](/data/assets/smilies/infinity.gif "[infinity] [infinity]")
enak, what you're asking is flatly impossible. Anyone attempting to tell you otherwise is either ignorant or deceitful and in neither case will you benefit from their advice.
The pointer to the FAQ is real, of course, and my little joke pokes fun at the variety of "partial" solutions that people may offer. These partial solutions will sound something like "well, you can hide it from a lot of people by..." and so on. It's not possible. Most of these "partial" solutions do not hide your source code, but instead make your site annoying or difficult to use by legitimate users.
(for one small contract, I had to grab samples of images from a client website. The owner importantly told me he would contact their webmaster to arrange it so I could view their source code. I informed him that viewing source code and extracting images is pretty much child's play. At first, he was concerned his security had been breached, but by the end of the very short conversation, he was convinced he had been bamboozled by his webmaster, which was, in fact, the truth.)
Because there is no effective way to hide code -- HTML or JavaScript -- then if you must do something, do something that is the least amount of work. Such as adding the fictitious tag above.![[smile]](/data/assets/smilies/smile.gif "[smile] [smile]")
You can always put it inside a set of <bot></bot> tags (Boss Ordered This).
Cheers,
Edward
"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
Well, if a pointer to an FAQ ain't gonna help, then I'll happily suggest a fictional, yet very real-sounding tag that will be exactly as effective as any other "trick" (ie: not-at-all), yet be easier to implement!
I guess an easier solution would be to write "Okay, I've already taken care of it. Alacazam -- you're JavaScript is encoded! You can see it, of course, because it's your code, but no one else can. And let this be our little secret..." Ah, the Mystery of Magic...
enak, what you're asking is flatly impossible. Anyone attempting to tell you otherwise is either ignorant or deceitful and in neither case will you benefit from their advice.
The pointer to the FAQ is real, of course, and my little joke pokes fun at the variety of "partial" solutions that people may offer. These partial solutions will sound something like "well, you can hide it from a lot of people by..." and so on. It's not possible. Most of these "partial" solutions do not hide your source code, but instead make your site annoying or difficult to use by legitimate users.
(for one small contract, I had to grab samples of images from a client website. The owner importantly told me he would contact their webmaster to arrange it so I could view their source code. I informed him that viewing source code and extracting images is pretty much child's play. At first, he was concerned his security had been breached, but by the end of the very short conversation, he was convinced he had been bamboozled by his webmaster, which was, in fact, the truth.)
Because there is no effective way to hide code -- HTML or JavaScript -- then if you must do something, do something that is the least amount of work. Such as adding the fictitious tag above.
You can always put it inside a set of <bot></bot> tags (Boss Ordered This).Cheers,
Edward "Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
![[laughtears]](/data/assets/smilies/laughtears.gif "[laughtears] [laughtears]")
![[rofl3]](/data/assets/smilies/rofl3.gif "[rofl3] [rofl3]")
You can, to some extent, mask things by using ASP and VB Script. All they will see even if they download your page, is the results of what the VB Scripting creates, not the scripting itself, but that isn't going to do anything to mask formatting, since even if you do <% Response.write("<td width='126'>"
%> the source will still show <TD width="126"> when they view it or download it. They just wont see the code itself between the <% %> It's a good way to hide comments you don't want others to read though, ie:
<%
' This is a comment about how this section of code
' works, but I don't want anyone but someone with this
'original file to read it
%>
%> the source will still show <TD width="126"> when they view it or download it. They just wont see the code itself between the <% %> It's a good way to hide comments you don't want others to read though, ie:<%
' This is a comment about how this section of code
' works, but I don't want anyone but someone with this
'original file to read it
%>
EdwardMartinIII
Technical User
palbano (Programmer): I love it! Can i use that on my javascript that contains my super valuable calculations to slow down the speed of light?"
As long as my bicycle is exempt. I'm diggin on the high gear being simply labeled "c++". (Oooh, comp-sci and physics in the same joke!)
tviman, the purpose of using an external JS file is not to hide code (<body ViewSource="false"> does as effective a job without requiring an extra file), but to collect in one file many different functions such that one does not litter one's HTML with JavaScript code. It is, in fact, supposed to make things more clear. View Source will easily reveal the link to the .JS file, which can then be downloaded in a snap.
BHaines, the thing here is that the finished page is the product. When I want to write a Perl script to build a page (whether it contains JavaScript or not), I start by building the page. The Perl is simply a text-pumper. When a client cannot see the Perl, it's irrelevent because the Perl is basically "pump out this text" and the text is totally visible. A person could spend a lot of time having a server-side application do what they want, but even that's not actually secure from anyone who is at all even remotely interested in looking through your source. And those are the only ones that matter, right?![[lol]](/data/assets/smilies/lol.gif "[lol] [lol]")
The ordinary folks would be easily fooled if you added
(only with longer lines and about half a page of 'em) and added about a hundred empty line returns after it before starting your real HTML code.
Now that's magic!
Cheers,
Edward
"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
As long as my bicycle is exempt. I'm diggin on the high gear being simply labeled "c++". (Oooh, comp-sci and physics in the same joke!)
tviman, the purpose of using an external JS file is not to hide code (<body ViewSource="false"> does as effective a job without requiring an extra file), but to collect in one file many different functions such that one does not litter one's HTML with JavaScript code. It is, in fact, supposed to make things more clear. View Source will easily reveal the link to the .JS file, which can then be downloaded in a snap.
BHaines, the thing here is that the finished page is the product. When I want to write a Perl script to build a page (whether it contains JavaScript or not), I start by building the page. The Perl is simply a text-pumper. When a client cannot see the Perl, it's irrelevent because the Perl is basically "pump out this text" and the text is totally visible. A person could spend a lot of time having a server-side application do what they want, but even that's not actually secure from anyone who is at all even remotely interested in looking through your source. And those are the only ones that matter, right?
The ordinary folks would be easily fooled if you added
Code:
<!-- BEGIN 1024-bit WEBSITE ENCRYPTION
oh498349hog9py34hp9ywoiropuywe984ytoihrgg8
oushdf9p8ye4hosh98ywe4trhs98fgywht[89ytj3t
oihr98y8945yo[ih8yertio3hto8eyrigheoity8ey
oh498349hog9py34hp9ywoiropuywe984ytoihrgg8
oushdf9p8ye4hosh98ywe4trhs98fgywht[89ytj3t
oihr98y8945yo[ih8yertio3hto8eyrigheoity8ey
END 1024-bit WEBSITE ENCRYPTION -->(only with longer lines and about half a page of 'em) and added about a hundred empty line returns after it before starting your real HTML code.
Now that's magic!
Cheers,
Edward "Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
- Status
Similar threads
- Question