  1. #1
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Posts
    44

    Hiding javascript functions from visitors

    Hi All,

    Some web sites (like http://www.marysbridal.com/bridal/5704.htm) use encrypted JavaScript code to hide JavaScript from users.

    Code:
    <SCRIPT LANGUAGE="JavaScript">
    <!--
    document.write(unescape("%3C%53%43%52%49%50%54%20%4 .........."))
    -->
    </script>
    How can I do this?

  2. #2
    SitePoint Wizard Pepejeria's Avatar
    Join Date
    Jan 2005
    Location
    Too far up north
    Posts
    1,566
    That is a very lame way to hide code...

    Code:
    <textarea id="output"></textarea>
    
    <script>
    var code = "%3C%53%43%52%49%50%54%20%4C%41%4E%47%55%41%47%45%3D%22%4A%61%76%61%53%63%72%69%70%74%22%3E%3C%21%2D%2D%0D%0A%68%70%5F%6F%6B%3D%74%72%75%65%3B%66%75%6E%63%74%69%6F%6E%20%68%70%5F%64%30%30%28%73%29%7B%69%66%28%21%68%70%5F%6F%6B%29%72%65%74%75%72%6E%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%73%29%7D%2F%2F%2D%2D%3E%3C%2F%53%43%52%49%50%54%3E";
    
    document.getElementById("output").value = unescape(code);
    </script>

  3. #3
    SitePoint Guru
    Join Date
    Apr 2007
    Posts
    813
    crunch your js, remove all white space, and obfuscate it.

  4. #4
    SitePoint Guru
    Join Date
    Apr 2007
    Posts
    813
    this link brings you to one obfuscator that is free out there. Hope this might help.

  5. #5
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Posts
    44
    Code:
    var code = "%3C%53%43%52%49%50%54%20%4C%41%4E%47%55%41%47%45%3D%22%4A%61%76%61%53%63%72%69%70%74%22%3E%3C%21%2D%2D%0D%0A%68%70%5F%6F%6B%3D%74%72%75%65%3B%66%75%6E%63%74%69%6F%6E%20%68%70%5F%64%30%30%28%73%29%7B%69%66%28%21%68%70%5F%6F%6B%29%72%65%74%75%72%6E%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%73%29%7D%2F%2F%2D%2D%3E%3C%2F%53%43%52%49%50%54%3E";
    How did you produce this code?

    I'm looking to make my javascript code like above.

  6. #6
    SitePoint Wizard Pepejeria's Avatar
    Join Date
    Jan 2005
    Location
    Too far up north
    Posts
    1,566
    Quote Originally Posted by vediam View Post
    How did you produce this code?

    I'm looking to make my javascript code like above.
    And exactly what would be the point of that? It's not like you will be hiding code or something. It takes, as you saw, 0.01 seconds to see the real code.

  7. #7
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Posts
    44
    I'm just seeing a code like %3C%53%43%52%49%50%54%20%4C%41%4E%47%55%41%47%45%3D%22

    I want to convert my JS code like this.

  8. #8
    SitePoint Wizard Pepejeria's Avatar
    Join Date
    Jan 2005
    Location
    Too far up north
    Posts
    1,566
    Sure, but what would be the point of having your code like that? I am curious.

  9. #9
    Caveat surfer Buddy Bradley's Avatar
    Join Date
    May 2003
    Location
    Cambridge, UK
    Posts
    2,366
    Presumably his code is so incredible he doesn't want anyone else to see it. Although if that were the case, you have to wonder why he needs to ask for help to accomplish this...

  10. #10
    SitePoint Guru
    Join Date
    Apr 2006
    Posts
    802
    The kind of personal data that needs to be encrypted - account numbers and addresses and so on - shouldn't ever be in a javascript source code, no matter how well you obfuscate it.

  11. #11
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Stop discussing as to why he wants to encrypt his javascript code. If you guys can't help him or won't help him then you do not need to reply!

    Jeez!
    Ballot-Box.net - free polls for webmasters
    FormLog.com - free form processor

  12. #12
    SitePoint Wizard Pepejeria's Avatar
    Join Date
    Jan 2005
    Location
    Too far up north
    Posts
    1,566
    Explaining to him and asking him what he wants to achieve with this is perfectly valid for this thread. And that is more than I can say about your comment.

  13. #13
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Quote Originally Posted by Pepejeria View Post
    Explaining to him and asking him what he wants to achieve with this is perfectly valid for this thread. And that is more than I can say about your comment.
    Explaining to him and asking him is ok. But can you tell me what kind of explanation or question you are asking with your comments below?

    Quote Originally Posted by Pepejeria View Post
    That is a very lame way to hide code...
    Quote Originally Posted by Pepejeria View Post
    And exactly what would be the point of that? It's not like you will be hiding code or something. It takes, as you saw, 0.01 seconds to see the real code.

  14. #14
    SitePoint Zealot chrisdpucci's Avatar
    Join Date
    Dec 2006
    Location
    On the internets
    Posts
    191
    If you really want to hide your javascript, why not google "javascript encryption" or "javascript obfuscation" or even "protect javascript". The answers are out there and easy to find if you take the time to look.

  15. #15
    SitePoint Wizard Pepejeria's Avatar
    Join Date
    Jan 2005
    Location
    Too far up north
    Posts
    1,566
    DeNasio. Sorry, no offense, but do you come from a family with Stasi background?

  16. #16
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Quote Originally Posted by Pepejeria View Post
    DeNasio. Sorry, no offense, but do you come from a family with Stasi background?
    No, do you?

  17. #17
    SitePoint Wizard Pepejeria's Avatar
    Join Date
    Jan 2005
    Location
    Too far up north
    Posts
    1,566
    vediam,
    Code:
    <xmp id="code">
    <script type="text/javascript">
    function greatScript() {
    	alert("really");
    }
    
    greatScript();
    </script>
    </xmp>
    
    <textarea id="superMegaEncryptedCode"></textarea>
    
    <script>
    var code = document.getElementById("code");
    var output = document.getElementById("superMegaEncryptedCode");
    
    output.value = escape(code.innerHTML);
    </script>
    grab the code in the text area and paste it in between where it says <here>
    Code:
    document.write(unescape(<here>));
    But again, you don't gain anything from doing this

  18. #18
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,869
    Since

    document.write(unescape("%3C%53%43%52%49%50%54%20%4 .........."))

    is unescaping the content it is equivalent to

    document.write("<SCRIPT ..........")

    which can be easily determined simply by running the code through the unescape function.

    See http://www.felgall.com/javamet6.htm where I have a form that makes it easy to do this.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">
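
The point made in the posts above, that the `document.write(unescape("..."))` wrapper is undone just by decoding it, shown as an added example that is not part of the original thread: a static decoder for Node.js that peels nested wrapper layers while treating the input purely as text. The helper names, the wrapper pattern and the two-layer sample are assumptions constructed for illustration.

```javascript
// Added example, not code from the thread. The input is handled as text only;
// nothing in it is executed.

// Same decoding rules as the legacy unescape(): %XX and %uXXXX sequences.
function unescapeLegacy(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Percent-encode every UTF-16 code unit, like the wrapper quoted in the thread.
// Only used to build the constructed sample below.
function escapeAll(s) {
  return s.split('').map(c => {
    const hex = c.charCodeAt(0).toString(16).toUpperCase();
    return hex.length <= 2 ? '%' + hex.padStart(2, '0') : '%u' + hex.padStart(4, '0');
  }).join('');
}

// Hypothetical pattern for the wrapper shape shown in post #1.
const WRAPPER = /document\.write\(\s*unescape\(\s*(["'])([^"']*)\1\s*\)\s*\)\s*;?/g;

// Replace every wrapper with its decoded payload and repeat until none is
// left; maxLayers bounds the work on deeply nested input.
function peelLayers(source, maxLayers = 10) {
  let text = source;
  let layers = 0;
  while (layers < maxLayers) {
    const next = text.replace(WRAPPER, (_, quote, payload) => unescapeLegacy(payload));
    if (next === text) break;
    text = next;
    layers++;
  }
  return { text, layers };
}

// Constructed sample: the greatScript() snippet from post #17, wrapped twice.
const INNER = 'function greatScript() { alert("really"); } greatScript();';
const wrap = js =>
  'document.write(unescape("' + escapeAll('<script>' + js + '</script>') + '"));';
const SAMPLE = wrap(wrap(INNER));

const result = peelLayers(SAMPLE);
console.log(result.layers, 'layer(s) removed');
console.log(result.text);
```

Each extra layer of escaping triples the payload size but adds only one more loop iteration for the reader, which is why the thread treats this as no protection.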

  19. #19
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Posts
    44
    Quote Originally Posted by vediam View Post
    I'm just seeing a code like %3C%53%43%52%49%50%54%20%4C%41%4E%47%55%41%47%45%3D%22

    I want to convert my JS code like this.
    Because I do something special, and I don't want somebody to see this.

    But as I see, escape code does not safely protect my javascript code.

  20. #20
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,869
    I have a slightly more effective Javascript encryptor at http://javascript.about.com/library/blenc.htm

    This one doesn't increase the size of the code as much because it just converts one character to another single character instead of to three characters so the only additional overhead is the code to convert it back. That conversion code is "escaped" to make the whole thing not so easy to read.

    For someone to get your original code back from this they would first need to unescape the conversion code and then set up to run the rest of the code through that converter to recover the original code. This would result in them needing to spend a minute or two extracting the original Javascript rather than the seconds that just unescaping requires and is about as much protection as you can apply to Javascript code.

    I have been unable to determine any more effective way of protecting Javascript code than that since the browser needs to be able to decode the encryption in order to run the script and the decryption code therefore must be part of the script itself.

    JScript (Microsoft's version of Javascript) does have a better encryption method that can be used with it where the decryptor is built into the browser rather than needing to be supplied as part of the script but using that method limits your script to only being able to work on IE and even that only makes it slightly harder to decrypt.

  21. #21
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Quote Originally Posted by felgall View Post
    This would result in them needing to spend a minute or two extracting the original Javascript rather than the seconds that just unescaping requires and is about as much protection as you can apply to Javascript code.
    Actually, redefining document.write does the trick.

    Quote Originally Posted by vediam View Post
    Because I do something special, and I don't want somebody to see this.

    But as I see, escape code does not safely protect my javascript code.
    What you're asking is basically impossible. Sorry, but you need to rethink your strategy.

  22. #22
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Posts
    44
    What you're asking is basically impossible.
    Actually, I'm not asking for the impossible. I know it isn't secure to view source code. But if it's difficult to read, difficult to solve, difficult to understand for somebody who is interested in it, it will be enough for me.

  23. #23
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Posts
    44
    I have been unable to determine any more effective way of protecting Javascript code than that since the browser needs to be able to decode the encryption in order to run the script and the decryption code therefore must be part of the script itself.
    Thank you for your time. Your message was very valuable for me.

  24. #24
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,869
    Quote Originally Posted by kyberfabrikken View Post
    Actually, redefining document.write does the trick.
    That is assuming that the code actually uses the antiquated document.write method of writing to the page from Javascript. All modern scripts would use DOM calls or innerHTML and so redefining document.write would have no effect.

