/    Sign up×
Community /Pin to ProfileBookmark

Hiding Your Source Code (Maybe) Possible

Copy linkTweet thisAlerts:
Jan 05.2007

I was just browsing through the forum while waiting for someone to hopefully answer a post I just wrote when I came across the following:

[QUOTE]

Wondering how to hide your source code?
Well, give up right now then, because it is absolutely impossible. “No right-click” scripts and other similar scripts will only end up annoying your users in which actually don’t even want to steal your source code or images, but rather just want to casually use their browser features. Doing things like this will, indeed, drive away some users because they will be confused if once they come to your site they won’t be able to use common features that they are usually able to use.

What it really comes down to is this: if the browser can render the page, and source code can be accessed — and there is nothing more to it. Doing things like using JavaScript to generate the the source code (and attempt to obfuscate it), you are making the page inaccessible to approximately 9% of your visitors (that includes search engines as well). As previously mentioned, “no right-click” scripts are also ineffective because there are several other ways to obtain source without the right-click context menu and moreover, JavaScript can be disabled.

The source code of your site will always be accessible no matter what, it simply isn’t worth trying to hide. Accept that it is impossible and simply don’t waste your time trying to prevent people from accessing it, because you can’t. The more accessible and usable your site is, the more people will be able to use and enjoy your site.

In the case of images, they can also easily be taken from a site no matter what kind of “no right-click” or other scripts you have applied. However, the most practical thing to do is to watermark your images. This will not completely prevent people from attempting to steal it, but it should cut down on the number of people that try to take your images because now there is something on the image that explictly defines it as your work.

[/QUOTE]

And I thought to myself, he’s right but maybe hiding the source is possible to a certain degree.

Not even an hour ago I implemented something to hide emails from sniffer bots while still allowing the page viewer to read it normally and have the default behaviour of a mailto: link. And I think a portion of what I did might be applicable here.

If, once you’ve finished writing all your code and saved all your files and before you upload them to your server, you create a server-side script, small application, maybe even a javascript file (that’s about as far as I can go to keep this post on the “javascript” subject) to transfrom all (or maybe even some) of the characters in your file to hexadecimal code it should still render correctly in any browser while effectively hiding your code from the faint of heart. Boy, that was a run-on sentence.

Anyway, I am in no way a proponent of hiding web page source code. Actually I am very much against it. But, I saw the sticky and got to thinking maybe it’s possible.

I’ve actually done no testing of this but, based on how my email hiding technique worked, I don’t see why this shouldn’t work either. If anyone actually does try this I’d love to hear if it does.

Douglas

to post a comment
JavaScript

7 Comments(s)

Copy linkTweet thisAlerts:
@mrhooJan 05.2007 — I wish more people [B]would [/B] hide their script from my browser, and the html too.

There is a lot of rotten code out there...
Copy linkTweet thisAlerts:
@OverstatementJan 05.2007 — Sure, there are lots of programs to 'hide' your by writing it so it doesn't make sense (replacing a variable names with numbers) but it still doesn't stop people from using them.

Edit: It's called [URL=http://en.wikipedia.org/wiki/Obfuscated_code]Obfuscation[/URL], some people use it for compressing scripts.
Copy linkTweet thisAlerts:
@ricpJan 05.2007 — I wish more people [B]would [/B] hide their script from my browser, and the html too.

There is a lot of rotten code out there...[/QUOTE]
?

Hear! Hear!


However, with regard to the OP, it's all security through obfuscation rather than hiding isn't it? I had the same discussion with someone at work today.

Personally my code is so flawless, unbelievably clever and beautifully written I would rather it was shown to everyone.. *cough* :rolleyes:
Copy linkTweet thisAlerts:
@felgallJan 06.2007 — Using a bookmarklet or user Javascript to display the unobfuscated source of any web page requires at most TWO mouse clicks and there is the page source in plain easy to read text (all you have to do is install the script first). How much easier can it be than that to completely bypass any and all attempts to hide the page source?

bookmarklet - http://javascript.about.com/library/blsource.htm (requires 2 clicks to view the source of any page)

User Script - http://javascript.about.com/library/blviewsource.htm (requires one click to view the source of any page)
Copy linkTweet thisAlerts:
@TNOJan 06.2007 — The bookmarklets, view source methods, and other things of that nature can easy be thwarted if you set up your page to be obfuscated towards those specifically. But the point remains, the browser needs to be able to read valid code in order to render. And if it can render than it can be read by a variety of methods you'd never guess. The only practical method I've seen to protect my source code is through using an HTML application granting access to the client's computer. But due to the trust violations that could occur, good luck using this method. The closest you will get in the webbrowser is by encrypting (sample: http://javascript.internet.com/passwords/text-encryption.html) and decrypting using a key generated by a one way function like the one below:

<i>
</i>function OneWay(S) { var j, x, y = 2e50
x = '0.'+parseInt(S.value, 36)
with (Math) { for (j=0;j&lt;10;j++) x = tan(1+x+x*y%1)%1 }
// modify that to keep argument in about 0.25..1.25
return ((x+1)/2).toString(36).substring(2) }


Whatever value you pass to this function should be so obscure and difficult to find out that by the time the client figures out what it is he/she doesn't care anymore and moves on due to its impracticality.
Copy linkTweet thisAlerts:
@_Aerospace_Eng_Jan 06.2007 — And then there is the search engine issue. If you want your site indexed then forget about encrypting it. It will likely move on because it can't read your site. Then there is the fact that javascript can be disabled and would render your page useless.
Copy linkTweet thisAlerts:
@felgallJan 06.2007 — Any method of making the source unreadable to visitors also makes it unreadable to browsers. If the Javascripts don't work to decrypt it then there is always Netscape 7.0 which will save the decrypted copy if you select to save any web page that it can read.
×

Success!

Help @DJRobThaMan spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.20,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...