Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,043
    Thanks
    0
    Thanked 251 Times in 247 Posts

    hiding javascript!

    Yes, it's possible! ...at least in IE, using external javascript and server-side language.
    In my code below, I used VBScript/ASP. You can convert it to any server-side language.

    js.asp
    Code:
    /*****************************
    JavaScript Code Hider/Blocker
    Created by: Glenn G. Vergara
    July, 2003
    glenngv@yahoo.com
    Philippines
    ******************************/
    <%
    'don't cache the js file
    Response.Buffer = True
    Response.Expires = -1
    Response.AddHeader "Pragma", "no-cache"
    Response.AddHeader "cache-control", "no-store"
    Response.ContentType = "text/javascript"
    
    Dim strReferer, bAccessOK, strRefererHost, intStart, intFirstSlash, bViewJS, strMyHost, strProtocol
    
    bAccessOK = false
    bViewJS = true
    strReferer = request.servervariables("HTTP_REFERER")
    
    if strReferer <> "" then
    	intStart = instr(1,strReferer,"://")
    	intFirstSlash = instr(intStart+3,strReferer,"/") 
    	strRefererHost = mid(strReferer,intStart+3,intFirstSlash-intStart-3)
    	strMyHost = request.servervariables("HTTP_HOST")
    	if strRefererHost = strMyHost then bAccessOK = true
    	bViewJS = false
    end if
    
    if not bAccessOK then
    	if bViewJS then
    %>
    alert("Sorry, you are not allowed to view my JavaScript codes!!!");
    <%
    	else 'other site has linked this js file
    		if request.servervariables("HTTPS")="on" then strProtocol = "https" else strProtocol = "http"
    %>
    alert("Sorry, this site is NOT allowed to link the JavaScript file, <%=strProtocol & "://" & strMyHost & request.servervariables("URL")%> !!!");
    <%
    	end if
    	Response.End
    end if
    %>
    /********************************
    End JavaScript Code Hider/Blocker
    *********************************/
    
    //your javascript codes start here
    alert('You can execute my JavaScript codes!');//test
    just use it in any page like this:
    <script type="text/javascript" src="js.asp"></script>

    The code above doesn't only hide the js file, it also prevents other sites to link the file.

    With this code, the js file is not cached on the client's temporary internet files, so you can't view its source. Typing view-source:url of js file in the address bar will just generate the "You are not allowed..." message. You can't even download the file.
    But unfortunately, that "view-source" behavior is in IE only, though in other browsers, the js file is also not cached. In NS6+ or Mozilla, using view-source:url of js file will display the actual generated source code of the js. In NS4, the server variable that holds the url of the referring document returns empty. It can be concluded that when NS4 accesses the external js file in a page, the referer is always empty. Maybe it can also be said for accessing images, css files in a page. So, it's totally unusable in NS4.

    I posted it even though it has limited browser support. I just want to point out that it is still possible to hide javascript codes from the client. We all know that we have never-ending questions of that nature here in CodingForums.

    Your comments are welcome.

  • #2
    Senior Coder
    Join Date
    Jun 2002
    Location
    Wichita
    Posts
    3,880
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The directive to not cache can be altered by firewall software and despite that directive I think IE will put it into the cache and then delete the file as you leave the page so as long as the user has the page open they can still find the JS file in the cache.
    Check out the Forum Search. It's the short path to getting great results from this forum.

  • #3
    Senior Coder
    Join Date
    Jun 2002
    Location
    near Oswestry
    Posts
    4,508
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I agree - it will have no effect because the file will be cached, even if only temporarily. All one would have to do is open the cache folder; or of course, not use IE to view it.
    "Why bother with accessibility? ... Because deep down you know that the web is attractive to people who aren't exactly like you." - Joe Clark

  • #4
    Senior Coder
    Join Date
    Jun 2002
    Location
    Wichita
    Posts
    3,880
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I guess I should have added that while it's an interesting thought and a nice effort it's still a not worth bothering to use since it's still easily bypasses.

    Fortunately or unfortunately (depending on your point of view) the very nature of how the web works makes these efforts into exercises in futility.
    Check out the Forum Search. It's the short path to getting great results from this forum.

  • #5
    Senior Coder
    Join Date
    Jun 2002
    Location
    paris, france
    Posts
    1,216
    Thanks
    0
    Thanked 0 Times in 0 Posts
    yeah people can rip you, but why make it easy for them?
    photoshop too expensive? use the GIMP! www.gimp.org

  • #6
    Senior Coder
    Join Date
    Jun 2002
    Location
    Wichita
    Posts
    3,880
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Those who don't know how to go around a few simple barriers probably aren't smart enough to be able to make much if any use of code worth the effort of putting barriers around. Those who are smart enough to make use of the code will also be smart enough to be able to find their way around your barriers.
    Check out the Forum Search. It's the short path to getting great results from this forum.

  • #7
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,043
    Thanks
    0
    Thanked 251 Times in 247 Posts
    I'm not saying that it's a fool-proof solution. And I'm not really a "hide javascript" advocate either. As I said in the last part of my post, I just pointed out that it is possible to hide the code in a specific browser such as IE. I just toyed with this solution because of all those countless "hide javascript" posts here in CF and other forums.
    I have tested it in our intranet and it works, the js file is not cached. I guess it may be useful in an intranet where the environment is controlled and the only browser is IE. And even then, you have to know where and when to use it or not (at all). I'm not in any way encouraging users to hide all their javascript codes in their applications. Only in justifiable situations such as simple online quizzes, games, etc...

  • #8
    New Coder
    Join Date
    Jul 2003
    Posts
    59
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You could always try to chipper it, thou, I don't think that would go over too well.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •