Hide javascript from display in browser

Question

Hide javascript from display in browser

I have some javascripts that I use in my files. But when we look at the source code, it shows our javascript as it is. Is there a way by which we can hide our javascript from displaying in the browser using php.

+4

javascript php hide

developer Jul 24 '09 at 10:50

source share

7 answers

The way it works is accessible to everyone. However, you can confuse it.

+5

slipbull Jul 24 '09 at 10:52

source share

Since Javascript runs inside the browser, it must be sent to this client computer on the client machine.

So, one way or another, the client must be able to read it. Thus, no, you cannot stop your users from seeing JS code if they want to.

You can obfuscate , but someone who really wants to get to your source will always be able (event if it is complicated) ... But the point is, why would you not allow users to see the JS source code if they want to?

As a side element: with minifigured / obfuscated JS code, when you get an error, it will be harder to track ... (and you really need to keep the non-phobized version on your development / testing machine)

+3

Pascal martin Jul 24 '09 at 11:04

source share

I recommend minimizing it, and this will remove the comments and white space from your code. If you do not want the variable names to be visible, you will need to confuse it.

+2

AutomatedTester Jul 24 '09 at 10:53

source share

I'm not sure if this will work, I can try it someday. But basically:

<script type="text/javascript" src="MyScript.php"></script>

In the PHP file, add a link to check which page requested it or what was on the last page. Then, if it was one of your own pages, then the JS echo, if not then, not an echo. You can still read JS, but even harder than just looking at the source and de-obfuscated. This way you can also confuse the code inside the .php file.

+1

Tylerf Jul 24 '09 at 11:23

source share

no. javascript is executed on the client side.

0

troelskn Jul 24 '09 at 11:00

source share

There is another way to hide Javascript for the most basic users.

Just check here to try to find javascript behind the text box ...

However, the script is still displayed for advanced users - see the bottom of this post to see why -

The idea is to put your javascript functions in a separate .js file. When loading the source PHP or HTML page instead of directly calling with

 <SCRIPT language="JavaScript" SRC="original_file_to_hide.js"></SCRIPT>

you include the php script header, which will copy the “mysource.js” file to the random file “kcdslqkjfldsqkj.js” and modify your HTML file to call

 <SCRIPT language="JavaScript" SRC="temporary_copy_of_the_file.js"></SCRIPT>

instead of this. After that, simply delete the copy kcdslqkjfldsqkj.js file on your server, and when the user searches for the source code, the browser will contact the missing file !!!

So, this is for theory, then there is a small problem to work around : if the HTML / PHP file loads too quickly, your script will be deleted from your server before the browser has loaded the script.

So you need

To copy a file to another random name
Upload file to PHP source file
Wait a few seconds after loading the HTML / PHP file until ...
... delete file

Here is the HTML / PHP source " test.php " that should be displayed to the end user:

 <?php //javascript source code hiding technique : Philippe PUECH, 2013 //function thanks to Stackoverflow, slightly modified //http://stackoverflow.com/questions/4356289/php-random-string-generator function RandomString() { $characters = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; $randstring = ''; for ($i = 0; $i < 10; $i++) { $randstring = $randstring.$characters[rand(0, strlen($characters))]; } return $randstring; } //simple header script to create a copy of your "precious" javascript ".js" file $original_filename="functions.js"; //find a better (complicated) name for your file $hidden_filename=RandomString().".js"; //temporary filename copy($original_filename,$hidden_filename); ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Catch my Javascript if you can !</title> </head> <SCRIPT language="JavaScript" SRC="<?php echo($hidden_filename); ?>"></SCRIPT> <script type="text/javascript"> </script> <body onLoad="javascript:testfunc();"> This is the page with anything you like ! </body> </html> <?php sleep(1); //you can comment following line echo "finished !"; unlink($hidden_filename); ?>

Here is the source of the functions.js file that will be hidden from the user.

 // JavaScript Document function testfunc(){ alert("It works..."); }

However, as stated in the comment, the browser developer tools will store the script in memory and make it still visible to curious users ...; - ((

-2

philippe Apr 4 '13 at 14:32

source share

Espo · Accepted Answer · 2009-07-24T10:56:48+0000

There is a free javascript obfuscator at javascriptobfuscator.com . This will not prevent dedicated people from stealing your code, but plain copy and paste will not be easy.

Also see this question: How can I confuse (protect) JavaScript? . It contains some very good answers, and also explains how safe it is through obscurity.

Hide javascript from display in browser

More articles: