SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Member
    Join Date
    Oct 2013
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Protect js code without any obfuscation

    Code is below there are two files
    - index.php
    - javascript.php

    copy code and save as below filenames , Now your javscript code is not shown in browser...Enjoy

    index .php
    -------------

    <?PHP
    @session_start(); //Start our session.
    if(!isset($_SESSION['PrintTheJavaScript'])){ //If the session is not registered (and it's not).
    $_SESSION['PrintTheJavaScript']; //Register the session.
    } // End if(@!session_is_registered('Pri...
    $_SESSION["PrintTheJavaScript"] = true; //Set the session value to TRUE.
    ?>
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1256" />
    <title>Hide Javascript Code</title>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
    <script language="javascript" src="./js/test.js"></script>
    <!--Here we call our Javascript page the first time it'll provide us with our javascript code -->
    <script language="javascript" src="./js/javascript.php"></script>
    <!--
    We call the same page again AND THIS IS SECOND PART OF THE TRICK.
    because after we called it the first time it will set the session value to FALSE which mean it will print NOTHING
    -->
    <script language="javascript" src="./js/javascript.php"></script>
    </head>
    <body>
    Try to save this page or go straight from your browser to the (javascript.php) page<br>
    and see if you can get my javascript code.<br>
    YOU'LL NEVER CAN.
    <br/><br/>
    <a href="#" onclick="callme();">Function Click</a>
    </body>
    </html>


    javascript.php
    ---------------------------------

    <?php
    @session_start(); //Start our session.
    header("Cache-Control: no-store, no-cache"); //Tell the browser to not cache this page (don't store it in the internet temp folder).
    header("Content-type: text/javascript"); //Let the browser think that this is a Javascript page.
    //If the session value is TRUE that means the client has opened the main page (which creates our session and sets its value to TRUE).
    if ($_SESSION["PrintTheJavaScript"] == true){
    //Now we can print our javascript code using PHP's echo command.
    echo '
    // Here is our hidden javascript source.
    function callme(){
    alert("javascript hidden code");
    }
    $(function(){
    alert("working");
    });
    // End of our hidden javascript source.
    ';
    }else{
    //If the client tried to open the page straight from the browser (he is trying to see our hidden code).
    // Print some fake code or don't print anything.
    }
    //Set the session value to false AND THIS IS FIRST PART OF THE TRICK.
    //because we are going to call this page again and it'll print nothing (because $_SESSION["PrintTheJavaScript"] <> TRUE)
    //so even if the client tried to SAVE the page this page will be saved empty.
    $_SESSION["PrintTheJavaScript"] = false;
    ?>

  2. #2
    SitePoint Wizard bronze trophy chris.upjohn's Avatar
    Join Date
    Apr 2010
    Location
    Melbourne, AU
    Posts
    2,198
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    It was a good effort but you forgot about the developer console which proves it's not possible to protect your JS source.



Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •