How can I hide a .js file?

@Jack_StrawSep 06.2006

Is there a way to make a javascript file accessible by a web page, but not by a user? What I mean is, I want my web page to be able to call functions in my .js file, but I don’t want the user to be able to view or download that .js file.

As of right now, if a user view’s the source of my web page they will see code like:

[code]<Script language=”JavaScript” src=”www.mywebspace.com/myjava.js”></script>[/code]

Once they see that, they can simply paste the ‘www.mywebspace.com/myjava.js’ into their web browser and download/view the file. Is there a way to avoid this?

I’ve tried playing with the ‘permissions’ for the .js file on my server but have yet to solve the problem. Turning off read rights prevents the user from downloading it, but also prevents my web page from using it.

Advice?

Thanks in advance,
-Jack

to post a comment

JavaScript

14 Comments(s) _↴

@mrhooSep 06.2006 — #I'm sorry, Jack, but nobody wants to read your code.

@BuezaWebDevSep 06.2006 — #http://www.developertutorials.com/tutorials/php/hide-your-javascript-with-php-050419/page1.html

You won't be able to view the JS file, but if your browser caches all files that it downloads...then they can just look into their temp files and read your javascript file from there.

It'll stop most people from viewing your js source at least.

@jayapalchandranMay 07.2009 — #this reply is after 2 years... anyway people might benifit from this...

have your js files as php files

create htaccess which will replace js to php

create a session before starting the script tags

in the js php file check whether session exists else exit ; this must be the first line

at the bottom of the js php clear the session...

so only if the session exists your js code will be sent to the browser ... if anybody directly access the js file then it wont appear...

it is working for me...

i saved the html page and in that found the js php file with extention html but nothing inside...

if some body could find any holes in this then that will be nice...

just think about it a bit and you will get the bulb in your head...

@felgallMay 07.2009 — #A simple view source bookmarklet or userscript should be able to view that JavaScript from the live page - completely bypassing that 'protection' with just one or two mouse clicks.

@rnd_meMay 08.2009 — #javascript can run, but it can't hide.

if the user can't see it, neither can the browser.

one can always iterate [I]window [/I]in firefox, revealing any functions or globals you use.

you can wrap all your code in one anon function to circumvent this, but few do.

@jayapalchandranMay 09.2009 — #Hi, thank you two for the above two replies...

i am not aware of these two source bookmarklet or userscript...

what are those... how do one check with this to see javascript sources...

if i could get this answer then i can make your points the final and i and my suggestions to the others regarding this can be very clear and correct. so can you help me doing like you said... thank you.

@Declan1991May 10.2009 — #rnd me said it, if the browser can see it, so can the user. Give [url=getfirebug.org]Firebug[/url] a go. I don't know exactly how Firebug shows script tags, but I don't believe they call the page again, so it should show the code. And read the stickies. All that code does is only allow the JavaScript to be called in the page, nothing else. It is impossible to prevent someone getting their hands on JavaScript if they want it, and that is a big if.

@jayapalchandranMay 13.2009 — #hi, it seems to be yes... so the only way to scramble the javascript which will change the code unreadable but executive... OK. thanks all for the replies.

@chrisecclesMay 12.2011 — #

Put your xxxx.js files in a directory.
-

Put a .htaccess in the same directory with:

[COLOR="Navy"][FONT="Courier New"]Options -Indexes[/FONT][/COLOR]

-

chmod your Javascript files to octal 0700.

chmod your directory to octal 0755.

Browser will still read in a Javascript file(s).

Any attempt to directly read the file will 403.

Any attempt to list the directory will 403.

Chris Eccles

@DanInMAMay 12.2011 — #the original post was from 2006, I think it's ok to let it die now ?

@wbportMay 12.2011 — #The following code is named hide.htm

[CODE]h = '<script type="text/javascript">top.location = "hide1.htm"</script>;<!-- ';
 
 function p() {
 alert('Javascript code processed');
 }
 
 h = ' -->';[/CODE]

And this code is hide1.htm<html><head><title>test of hide</title>

<script type="text/javascript" src="hide.htm"></script>

</head><body>

<a href="javascript: p();">here</a>

</body></html>[/QUOTE]When you run hide1 you can't see function p() and if you try to bring up hide.htm the [CODE][COLOR="Red"][/COLOR][/CODE] will still keep function p() hidden.

Of course, they can always turn off javascript.

@KorMay 13.2011 — #A, c'mon, not again!

I can:

- download the hide.htm and open it with Notepad

- use a Developer Tool (like FireBug / FF), which will display directly the code

- send a Ajax+server-side proxy request to the hide.htm, and getting the code as a responseText

- disable JavaScript and open the hide.htm

and 1 other trillion methods to bypass that "trick".

Once again: there is no way to hide a client-side code. All you can do is to obfuscate it, in order to make it hard to decrypt. But the encrypting can not be 100% secure, at it will have a single key: a public key.

@chrisecclesMay 15.2011 — #I know this is a dead thread (some would say 'dead duck') and I do

apologise to Mod for resurrection of same.
-

I just wanted to know if anyone had tried serving the page with PHP,

as I intimated, and using chmod to reset the permissions after the

js file is cached in the browser ? It won't prevent inspection of the

cache, I know. Nothing will, as several posts point out.
-

@KorMay 16.2011 — #I know this is a dead thread (some would say 'dead duck') and I do

apologise to Mod for resurrection of same.
-

cache, I know. Nothing will, as several posts point out.
-

I tried this and it seemed to work (erratically) but I may be making

some daft scripting errors and just wanted someone else's experience

as to whether the [B]principle[/B] is sound.

CE

(Edit: And, is that Windows Azure ad irritating, or what ?) ;-([/QUOTE]

Don't forget about the Developer Tools (FireBug or whichever). They will display the JavaScript code as well. What's the use of hiding JS codes when: who is not a professional doesn't need nor is able to understand the code, and who's a professional either will copy it without problem or he does not need your code, as he's able to create his own code?

Trying to hide a JS code is just a waste of time. It does not worth the effort.

Also in #JavaScript _↴

Mouse rollover screen.Height and screen.Width JavaScript Button into HTML

Success!

Help @Jack_Straw spread the word by sharing this article on Twitter...

Tweet This

How can I hide a .js file?

14 Comments(s) _↴

Put your xxxx.js files in a directory.
-

apologise to Mod for resurrection of same.
-

cache, I know. Nothing will, as several posts point out.
-

apologise to Mod for resurrection of same.
-

cache, I know. Nothing will, as several posts point out.
-

Also in #JavaScript _↴

Success!

Social

Version

How can I hide a .js file?

14 Comments(s) ↴

Put your xxxx.js files in a directory. -

apologise to Mod for resurrection of same. -

cache, I know. Nothing will, as several posts point out. -

apologise to Mod for resurrection of same. -

cache, I know. Nothing will, as several posts point out. -

Also in #JavaScript ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

14 Comments(s) _↴

Put your xxxx.js files in a directory.
-

apologise to Mod for resurrection of same.
-

cache, I know. Nothing will, as several posts point out.
-

apologise to Mod for resurrection of same.
-

cache, I know. Nothing will, as several posts point out.
-

Also in #JavaScript _↴