View Full Version : hiding javascript code

05-01-2008, 03:13 AM
Is it possible to hide the javascript code in the browser.
When person view source the html page , all the javascript function stay there as it is . Any person can see whats happening like variabble name

how can we prevent that?

05-01-2008, 03:21 AM
move your code into an external file. if you're looking for being able to explore your javascript's values as it's running, try using opera or another browser that allows you to browse the DOM for the page that's loaded. in opera at least, there is a tab nead the DOM view tab named JS which allows you to inspect your declared functions and variables (along with the values stored in those variables). there isn't really a way to prevent the user from seeing the code at all, but there are tools out there which will help you to obscure your source if you don't want the user to understand what the code does.

05-01-2008, 08:44 AM
Even if i move them to external file user can still dowload that external JS file and then downlaod it

05-01-2008, 08:48 AM
Sounds like http://www.codingforums.com/showthread.php?p=182173#post182173 :)

Philip M
05-01-2008, 09:02 AM
Even if i move them to external file user can still dowload that external JS file and then downlaod it

Yes. For the zillionth time, you cannot prevent a determined user from reading the source of your Javascript or HTML files. They are already in his computer. The best you can do is use obfuscating techniques, which may or may not defeat the moderately determined user. These techniques may also server to obfuscate the code from you as well!

Why do you want to hide your .js? I doubt if your code is so marvellously clever that others would want to steal or re-use it.

The same applies to the issue of "stealing" images. The short answer is if you do not want people to have access to your code or images, don't upload it to the web in the first place. :D

05-01-2008, 09:02 AM
Sounds like http://www.codingforums.com/showthread.php?p=182173#post182173 :)

Read that thread , so i can't protect the code.

What is ionCube , i have heard about it but never used it . Can it be helpful in this case or not

Philip M
05-01-2008, 09:46 AM
You would have fewer red blots if you asked fewer questions where making use of Google or the search facility in this forum would quickly give you the answer. Don't be helpless!

ionCube is an encrypter for PHP (a server-side language) and not JavaScript (a client-side language).


05-01-2008, 10:48 AM
There are about 6 different obfusication utilities out there. Just do a google search for a while. I tried the a few free ones, and downloaded commercial versions. They all promised to obscure the code, and it looked like it would do a good job of making it very difficult to read, not fool proof, a definite layer of protection. The problem I ran into is that I could not get a single one of them to run reliably. I tried each level of obfusication, and none of my code would work the same afterwards. A fairly expensive commercial app that will come in at the top of your searches was very buggy. After several hours of messing around I decided it wasn't really worth it.

05-01-2008, 10:59 AM
For each "encrypting" application will appear, the very next second, an "unencrypting" one. Forget it :)

05-02-2008, 01:57 AM
I agree that whatever we try we can't hide the code . What about if we want to
encrypt or hide only 1 line.

I don't want to make visible the path of JS file . So may be hdidng one line of code is possible. something like

puting js source in php include and the calling functions (just wild guess :))

05-02-2008, 02:06 AM
if anything you do in php is accessible through the page (ie, having the ability to call a function, or execute a line of code) it will actually be written to the page. if you want to get sneaky, what you do is this.

1. write your page normally, without the script.
2. include an ajax script in your page
3. use that ajax script to call a new php page you will write
4. have that php page redirect to the javascript you want to include (.js file)
5. use eval on the responseText property of your ajax request when it has completed

this will import the script into the page without the user being able to go "view source" and see it, but the file will be in their cache, as well as the fact that anyone with opera or firefox (or ie8) can open the page as a running object, meaning they can see the dynamically generated html, what js functions/variables are defined, etc. so it's a losing battle, but you could do it that way.

05-02-2008, 02:18 AM
I will try that but i think it will complicate the things for no reason . Thanks guy:thumbsup:s

05-02-2008, 07:10 AM
Yes, that trick should do for the low/medium skilled users. But even so, the FF Firebug and the IE7 Developer Bar will still be able to display the JS code, even if it is dynamically generated, because the code is loaded in the cache as well.

You see, there is a paradoxical situation. You can "hide" (or at least crypt) the client-side code from unskilled users, but the unskilled users usually don't try to see it or use it because they don't understand any language anyway. The only people who might be interested in your code are skilled in programming languages, and you can hide nothing from them because they are skilled. :rolleyes: Moreover, usually the skilled people don't need your code, because professionals know that is easier to make a code of your own than to modify someone else's code. So they will not be interested, same as the unskilled. Now the question is: why to hide the code when 9/10 of the users don't understand your code and 1/10 of them don't want your code? :)

So that, in my opinion, it is a waste of time to try to hide the HTML/Javascript source code.

The only absolute secure way to hide a client-side application is to... :D use a server-side code instead :rolleyes:

05-02-2008, 08:56 PM
Now the question is: why to hide the code when 9/10 of the users don't understand your code and 1/10 of them don't want your code?

I'm betting it's because of this:

What about if we want to
encrypt or hide only 1 line.

Only reason that comes to mind to hide a single line of code is password. And, of course, passwords in javascript are a bad idea.

05-02-2008, 10:30 PM
in my adventures trying to fix the most poorly structured system i've ever seen, i've actually come across a way to do some hiding. nest framesets within pages loaded within frames, within frames... etc. also, be sure to use code that generates at least 700 validation errors. append your code within one of the lowest level frames & reference it. granted it won't work (the script) but no one will be able to see what it would do, should it have decided to work.

i hate life.