Best IT Recipes

How to hide javascript code on web page?

Is it possible to hide Javascript code from the html of a web page when the source code is viewed through the browser source code view function?

I know that you can obfuscate the code, but I would prefer it to be hidden from the view source function.

+65
javascript browser hide obfuscation
Jul 29 '11 at 6:11
source share
9 answers

I'm not sure if anyone else actually addressed your question directly, which is viewed by code from the View Source command. [/ p>

As others have said, there is no way to protect javascript designed to work in a browser from a specific viewer. If the browser can launch it, then any specific person can view and launch it.

But, if you put your javascript in an external javascript file that is included:

<script type="text/javascript" src="http://mydomain.com/xxxx.js"></script>

then the javascript code will not be immediately visible using the "View Source" command - only the script tag will be visible this way. This does not mean that someone cannot simply download this external javascript file to see it, but you asked how to save it in the View Source browser, and that will do it.

If you want to really do more work to view the source, you will do all of the following:

  • Put it in an external .js file.
  • Obfuscate the file in such a way that most variable names are replaced with short versions, so that all unnecessary spaces are removed, so they cannot be read without further processing, etc.
  • Dynamically include a .js file by programmatically adding script tags (e.g. Google Analytics). This will make it difficult to access the source code from the View Source command, as there will be no easy link to click there.
  • Put so much interesting logic that you want to protect on the server that you retrieve through ajax calls, not local processing.

With that said, I think you should focus on performance, reliability, and a great application. If you absolutely need to protect some algorithm, put it on the server, but, in addition, compete to be the best with you, not the secrets. Ultimately, how success works on the Internet anyway.

+87
Jul 29 '11 at 6:20
source share

No, It is Immpossible.

If you did not give it to the browser, then the browser does not have it.

If you do this, then this (or simply the subsequent link to it) is part of the source.

+33
Jul 29 '11 at 6:13
source share

Use Html Encrypter. The part of the head that has

 <link rel="stylesheet" href="styles/css.css" type="text/css" media="screen" /> <script type="text/javascript" src="script/js.js" language="javascript"></script> copy and paste it to HTML Encrypter and the Result will goes like this and paste it the location where you cut the above sample <Script Language='Javascript'> <!-- HTML Encryption provided by iWEBTOOL.com --> <!-- document.write(unescape('%3C%6C%69%6E%6B%20%72%65%6C%3D%22%73%74%79%6C%65%73%68%65%65%74%22%20%68%72%65%66%3D%22%73%74%79%6C%65%73%2F%63%73%73%2E%63%73%73%22%20%74%79%70%65%3D%22%74%65%78%74%2F%63%73%73%22%20%6D%65%64%69%61%3D%22%73%63%72%65%65%6E%22%20%2F%3E%0A%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%73%63%72%69%70%74%2F%6A%73%2E%6A%73%22%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%3C%2F%73%63%72%69%70%74%3E%0A')); //-->

HTML ENCRYPTER Note: If you have a java script on your page, try exporting to a .js file and do this as an example above.

And also this Encrypter does not always work in some code that will make the ur site get confused ... Choose the best part that you want to hide, for example, in <form> </form>

It can be the other way around from the user, but not all noobs, like me, know this.

Hope this helps

+12
Dec 15 '12 at 11:23
source share

My decision is inspired by the last comment. This is invisible.html code

 <script src="http://code.jquery.com/jquery-1.8.2.js"></script> <script type="text/javascript" src="invisible_debut.js" ></script> <body> </body>

Open source invisible_debut.js:

 $(document).ready(function () { var ga = document.createElement("script"); //ga is to remember Google Analytics ;-) ga.type = 'text/javascript'; ga.src = 'invisible.js'; ga.id = 'invisible'; document.body.appendChild(ga); $('#invisible').remove();});

Note that in the end I delete the created script. invisible.js:

 $(document).ready(function(){ alert('try to find in the source the js script which did this alert!'); document.write('It disappeared, my dear!');});

invisible.js is not displayed in the console because it was deleted and was never in the source code because javascript was created.

As for invisible_debut.js, I obfuscated it, which means that it is very difficult to find the url invisible.js. Not perfect, but hard enough for a regular hacker.

+8
Nov 19 '13 at 22:33
source share

"Impossible!"

Oh yes it is ....

 //------------------------------ function unloadJS(scriptName) { var head = document.getElementsByTagName('head').item(0); var js = document.getElementById(scriptName); js.parentNode.removeChild(js); } //---------------------- function unloadAllJS() { var jsArray = new Array(); jsArray = document.getElementsByTagName('script'); for (i = 0; i < jsArray.length; i++){ if (jsArray[i].id){ unloadJS(jsArray[i].id) }else{ jsArray[i].parentNode.removeChild(jsArray[i]); } } }
+6
Jan 24 '13 at 6:55
source share

I am not sure there is a way to hide this information. No matter what you do to confuse or hide everything you do in JavaScript, it still comes to the point that your browser needs to load it in order to use it. Modern browsers have tools for debugging / analyzing web pages that make extracting and viewing scripts trivial (for example, press F12 in Chrome).

If you are worried about exposing any trade secret or algorithm, then your only call is to encapsulate this logic in a web service call and make your page link to this function through AJAX.

+5
Jul 29 '11 at 6:17
source share

You can use document.write .

Without jQuery

 <!DOCTYPE html> <html> <head><meta charset=utf-8></head> <body onload="document.write('<!doctype html><html><head><meta charset=utf-8></head><body><p>You cannot find this in the page source. (Your page needs to be in this document.write argument.)</p></body></html>');"> </body></html>

Or using jQuery

 $(function () { document.write("<!doctype html><html><head><meta charset=utf-8></head><body><p>You cannot find this in the page source. (Your page needs to be in this document.write argument.)</p></body></html>") });
+5
Dec 01 '13 at 20:35
source share

I think I found a solution to hide some JavaScript codes in the browser view source. But for this you need to use jQuery.

For example:

In your index.php

 <head> <script language = 'javascript' src = 'jquery.js'></script> <script language = 'javascript' src = 'js.js'></script> </head> <body> <a href = "javascript:void(null)" onclick = "loaddiv()">Click me.</a> <div id = "content"> </div> </body>

You load the file into the html / php body called by the jquery function in the js.js.

js.js

 function loaddiv() {$('#content').load('content.php');}

Here is the trick.

In your content.php file, put another header tag, then open another js file.

content.php

 <head> <script language = 'javascript' src = 'js2.js'></script> </head> <a href = "javascript:void(null)" onclick = "loaddiv2()">Click me too.</a> <div id = "content2"> </div>

in the js2.js file, create whatever function you want.

Example:

js2.js

 function loaddiv2() {$('#content2').load('content2.php');}

content2.php

 <?php echo "Test 2"; ?>

Please follow the link, then copy it to the jquery.js file name

http://dl.dropbox.com/u/36557803/jquery.js

Hope this helps.

+4
Nov 07
source share

Impossible!

The only way is to obfuscate javascript or minimize your javascript, which makes end-user reengineering difficult. however, it is impossible to rebuild.

+1
Aug 03 '12 at 9:11
source share


More articles:


All Articles