Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
View Source 1
- Thread starter mts176
- Start date
If you search the javascript forum on this site, you will find multiple discussions on this topic. I'll summarize:
"It can't be done"
If someone wants to see your client side source code, and they are the least bit resourceful, it's theirs. You could spend alot of time trying to hide it, but there simply isn't an effective way.
That being said, the most creative, simple, and effective "trick" I've seen is putting about 50 line breaks at the top of your HTML and putting some message at the very top like "This source code has been hidden." I've even seen one that added the "and your IP address is being logged".
It sounds simplistic, but first off, when they open it, all the user sees is this blank page with the message, and MOST will just click it off, and forget about it. For the others who would scroll down, those are the folks that could and would find it anyway if you went to great lengths to hide it.
For completeness, I'll say that there is also a FAQ over in the javascript forum about hiding source.
<soapbox>
Really, the beautiful thing about the web is that it is open source, and so that creates an incredible learning environment for developers, and I would go so far as to say that some of that code you are trying to hide, you have probably borrowed from some other person who borrowed it from someone else.
</soapbox>
Anyway, there's my two cents worth.
Paul Prewett
"It can't be done"
If someone wants to see your client side source code, and they are the least bit resourceful, it's theirs. You could spend alot of time trying to hide it, but there simply isn't an effective way.
That being said, the most creative, simple, and effective "trick" I've seen is putting about 50 line breaks at the top of your HTML and putting some message at the very top like "This source code has been hidden." I've even seen one that added the "and your IP address is being logged".
It sounds simplistic, but first off, when they open it, all the user sees is this blank page with the message, and MOST will just click it off, and forget about it. For the others who would scroll down, those are the folks that could and would find it anyway if you went to great lengths to hide it.
For completeness, I'll say that there is also a FAQ over in the javascript forum about hiding source.
<soapbox>
Really, the beautiful thing about the web is that it is open source, and so that creates an incredible learning environment for developers, and I would go so far as to say that some of that code you are trying to hide, you have probably borrowed from some other person who borrowed it from someone else.
</soapbox>
Anyway, there's my two cents worth.
Paul Prewett
JohnYingling
Programmer
There is right-click, View / Source on the IE menu, INet control and Webbrowser Control. If you send it, it can be seen. Compare Code (Text)
Generate Sort in VB or VBScript
Generate Sort in VB or VBScript
-
1
- #4
dilettante
MIS
That isn't 100% true.
Many of us have been forced to protect our intellectual property through one of two means.
One of these is to used compiled ActiveX objects to contain proprietary logic and even bits of HTML. The HTML gets inserted into <div> and <span> elements upon page load by setting innerHTML for these elements.
The other, less messy and less subject to security restictions, is to do the same thing with script which has been "script encoded."
See:
... for the whole story, and the encoder!
These by themselves are imperfect and subject to hacking, but the casual user doesn't have the means or the inclination - and if they do you can always use an ActiveX control that executes embedded encrypted script.
But we only use that for seriously paranoid clients - mostly financial and governmental applications.
As far as the web being "open source" goes, a web page containing a copyright notice and NOT granting rights for reuse is STILL copyrighted material. I know of two web design firms who were successfully sued on these grounds by a major New York news publisher.
Fortunately most of the web has kept the vult.. er, lawyers out of things - and a general spirit of sharing continues to thrive.
Simply suppressing "view source" won't buy you a lot, the user can always save the page to disk and examine it at his leisure. As I said, there are alternatives - but you have to reserve them for cases of real need.
Many of us have been forced to protect our intellectual property through one of two means.
One of these is to used compiled ActiveX objects to contain proprietary logic and even bits of HTML. The HTML gets inserted into <div> and <span> elements upon page load by setting innerHTML for these elements.
The other, less messy and less subject to security restictions, is to do the same thing with script which has been "script encoded."
See:
... for the whole story, and the encoder!
These by themselves are imperfect and subject to hacking, but the casual user doesn't have the means or the inclination - and if they do you can always use an ActiveX control that executes embedded encrypted script.
But we only use that for seriously paranoid clients - mostly financial and governmental applications.
As far as the web being "open source" goes, a web page containing a copyright notice and NOT granting rights for reuse is STILL copyrighted material. I know of two web design firms who were successfully sued on these grounds by a major New York news publisher.
Fortunately most of the web has kept the vult.. er, lawyers out of things - and a general spirit of sharing continues to thrive.
Simply suppressing "view source" won't buy you a lot, the user can always save the page to disk and examine it at his leisure. As I said, there are alternatives - but you have to reserve them for cases of real need.
JohnYingling
Programmer
ActiveX? Maybe, if you can get an internet user(as opposed to intranet user) to allow it to download. As for encoding scripts, it is not the casual user you worry about "stealing" your code. A quick visit to Google.com for "Microsoft VBScript Encoded" led me to so a "real" hacker should have no problem. I haven'yt had a need to try it so I can't testify that it works. Compare Code (Text)
Generate Sort in VB or VBScript
Generate Sort in VB or VBScript
I've built a site that is not completely protected because I think it is not possible but I find it fun to increase the difficulty for users to see my sources... It is like a game for little boys and little girls...
a) I set frames (iframes on div):
<DIV ID="my_div" STYLE="property:value">
<IFRAME SRC="my_page.htm" NAME="my_frame">
</IFRAME>
</DIV>
b) I disabled the right click on each page appearing in the frame:
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript">
<!--
function click()
{
if (event.button == 2)
alert("Right click disabled. Try another way."
}
document.onmousedown = click
//-->
</SCRIPT>
If we use the view source in IE menu we only see the source of the top page. The source of the internal pages is almost protected. You have to hide the URL of the links when the pointer of the mouse is over (search for status or defaultstatus). A way to view the source is simply to load the page... But it is reserved for advanced users.
It may be used by you in a more serious situation...
I hopes it helps you.
--
X-) Split.
a) I set frames (iframes on div):
<DIV ID="my_div" STYLE="property:value">
<IFRAME SRC="my_page.htm" NAME="my_frame">
</IFRAME>
</DIV>
b) I disabled the right click on each page appearing in the frame:
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript">
<!--
function click()
{
if (event.button == 2)
alert("Right click disabled. Try another way."
}
document.onmousedown = click
//-->
</SCRIPT>
If we use the view source in IE menu we only see the source of the top page. The source of the internal pages is almost protected. You have to hide the URL of the links when the pointer of the mouse is over (search for status or defaultstatus). A way to view the source is simply to load the page... But it is reserved for advanced users.
It may be used by you in a more serious situation...
I hopes it helps you.
--
X-) Split.
dilettante
MIS
Hey JohnYingling,
That's just the way it is.
If the user doesn't want to accept a signed ActiveX control from us, they don't have to do business with us.
Web access is being offered as a convenience feature - these people do have other options.
We'd use Java applets, but (a.) they're too expensive to write, and (b.) we hear about more JVM loopholes every day - so people will start disabling Java as well as shutting off all cookies and disallowing ActiveX.
There isn't any great solution, only a few hacks to limp along with.
That's just the way it is.
If the user doesn't want to accept a signed ActiveX control from us, they don't have to do business with us.
Web access is being offered as a convenience feature - these people do have other options.
We'd use Java applets, but (a.) they're too expensive to write, and (b.) we hear about more JVM loopholes every day - so people will start disabling Java as well as shutting off all cookies and disallowing ActiveX.
There isn't any great solution, only a few hacks to limp along with.
- Status
Similar threads
- Locked
- Question
- Locked
- Question