SitePoint Sponsor |
|
User Tag List
Results 1 to 24 of 24
-
Apr 20, 2007, 01:18 #1
- Join Date
- Mar 2007
- Posts
- 44
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Hiding javascipt functions from visiteurs
Hi All,
Some of web sites (like http://www.marysbridal.com/bridal/5704.htm) uses encrypted java script code to hide javascript from users.
Code:<SCRIPT LANGUAGE="JavaScript"> <!-- document.write(unescape("%3C%53%43%52%49%50%54%20%4 ..........")) --> </script>
-
Apr 20, 2007, 03:22 #2
- Join Date
- Jan 2005
- Location
- Too far up north
- Posts
- 1,566
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
That is a very lame way to hide code...
Code:<textarea id="output"></textarea> <script> var code = "%3C%53%43%52%49%50%54%20%4C%41%4E%47%55%41%47%45%3D%22%4A%61%76%61%53%63%72%69%70%74%22%3E%3C%21%2D%2D%0D%0A%68%70%5F%6F%6B%3D%74%72%75%65%3B%66%75%6E%63%74%69%6F%6E%20%68%70%5F%64%30%30%28%73%29%7B%69%66%28%21%68%70%5F%6F%6B%29%72%65%74%75%72%6E%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%73%29%7D%2F%2F%2D%2D%3E%3C%2F%53%43%52%49%50%54%3E"; document.getElementById("output").value = unescape(code); </script>
-
Apr 20, 2007, 05:57 #3
- Join Date
- Apr 2007
- Posts
- 813
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
crunch your js, remove all white space, and obfuscate it.
-
Apr 20, 2007, 05:59 #4
- Join Date
- Apr 2007
- Posts
- 813
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
this link brings you to one obfuscator that is free out there. Hope this might help.
-
Apr 20, 2007, 08:09 #5
- Join Date
- Mar 2007
- Posts
- 44
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Code:var code = "%3C%53%43%52%49%50%54%20%4C%41%4E%47%55%41%47%45%3D%22%4A%61%76%61%53%63%72%69%70%74%22%3E%3C%21%2D%2D%0D%0A%68%70%5F%6F%6B%3D%74%72%75%65%3B%66%75%6E%63%74%69%6F%6E%20%68%70%5F%64%30%30%28%73%29%7B%69%66%28%21%68%70%5F%6F%6B%29%72%65%74%75%72%6E%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%73%29%7D%2F%2F%2D%2D%3E%3C%2F%53%43%52%49%50%54%3E";]
I'm looking to make my javascipt code like above.
-
Apr 20, 2007, 08:15 #6
-
Apr 20, 2007, 08:17 #7
- Join Date
- Mar 2007
- Posts
- 44
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I'm just seeing a code like %3C%53%43%52%49%50%54%20%4C%41%4E%47%55%41%47%45%3D%22
I want to convert my JS code like this.
-
Apr 20, 2007, 08:19 #8
- Join Date
- Jan 2005
- Location
- Too far up north
- Posts
- 1,566
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Sure, but what would be the point of having your code like that? I am curious.
-
Apr 20, 2007, 08:50 #9
- Join Date
- May 2003
- Location
- Cambridge, UK
- Posts
- 2,366
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Presumably his code is so incredible he doesn't want anyone else to see it. Although if that were the case, you have to wonder why he needs to ask for help to accomplish this...
-
Apr 20, 2007, 08:59 #10
- Join Date
- Apr 2006
- Posts
- 802
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
The kind of personal data that needs to be encripted- account numbers and addresses and so on, shouldn't ever be in a javascript source code,no matter how well you obfuscate it.
-
Apr 20, 2007, 11:48 #11
Stop discussing as to why he wants to encrypt his javascript code. If you guys can't help him or won't help him then you do not need to reply!
Jeez!
-
Apr 20, 2007, 11:50 #12
- Join Date
- Jan 2005
- Location
- Too far up north
- Posts
- 1,566
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Explaining to him and asking him what he wants to achieve with this is perfectly valid for this thread. And that is more that I can say about your comment.
-
Apr 20, 2007, 12:10 #13
-
Apr 20, 2007, 12:12 #14
- Join Date
- Dec 2006
- Location
- On the internets
- Posts
- 191
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
If you really want to hide your javascript, why not google "javascript encryption" or "javascript obsfucation" or even "protect javascript". The answers are out there and easy to find if you take the time to look.
-
Apr 20, 2007, 12:15 #15
- Join Date
- Jan 2005
- Location
- Too far up north
- Posts
- 1,566
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
DeNasio. Sorry, no offense, but do you come from a family with Stasi background?
-
Apr 20, 2007, 12:17 #16
-
Apr 20, 2007, 12:27 #17
- Join Date
- Jan 2005
- Location
- Too far up north
- Posts
- 1,566
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
vediam,
Code:<xmp id="code"> <script type="text/javascript"> function greatScript() { alert("really"); } greatScript(); </script> </xmp> <textarea id="superMegaEncryptedCode"></textarea> <script> var code = document.getElementById("code"); var output = document.getElementById("superMegaEncryptedCode"); output.value = escape(code.innerHTML); </script>
Code:document.write(unescape(<here>));
-
Apr 20, 2007, 13:47 #18
- Join Date
- Sep 2005
- Location
- Sydney, NSW, Australia
- Posts
- 16,875
- Mentioned
- 25 Post(s)
- Tagged
- 1 Thread(s)
Since
document.write(unescape("%3C%53%43%52%49%50%54%20%4 .........."))
is unescaping the content it is equivalent to
document.write("<SCRIPT ..........")
which can be easily determined simply by running the code through the unescape function.
See http://www.felgall.com/javamet6.htm where I have a form that makes it easy to do this.Stephen J Chapman
javascriptexample.net, Book Reviews, follow me on Twitter
HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
<input name="html5" type="text" required pattern="^$">
-
Apr 20, 2007, 20:49 #19
- Join Date
- Mar 2007
- Posts
- 44
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
-
Apr 21, 2007, 15:04 #20
- Join Date
- Sep 2005
- Location
- Sydney, NSW, Australia
- Posts
- 16,875
- Mentioned
- 25 Post(s)
- Tagged
- 1 Thread(s)
I have a slightly more effective Javascript encryptor at http://javascript.about.com/library/blenc.htm
This one doesn't increase the size of the code as much because it just converts one character to another single character instead of to three characters so the only additional overhead is the code to convert it back. That conversion code is "escaped" to make the whole thing not so easy to read.
For someone to get your original code back from this they would first need to unescape the conversion code and then set up to run the rest of the code through that converter to recover the original code. This would result in them needing to spend a minute or two extracting the original Javascript rather than the seconds that just unescaping requires and is about as much protection as you can apply to Javascript code.
I have been unable to determine any more effective way of protecting Javascript code than that since the browser needs to be able to decode the encryption in order to run the script and the decryption code therefore must be part of the script itself.
JScript (Microsoft's version of Javascript) does have a better encryption method that can be used with it where the decryptor is built into the browser rather than needing to be supplied as part of the script but using that method limits your script to only being able to work on IE and even that only makes it slightly harder to decrypt.Stephen J Chapman
javascriptexample.net, Book Reviews, follow me on Twitter
HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
<input name="html5" type="text" required pattern="^$">
-
Apr 21, 2007, 15:49 #21
- Join Date
- Jun 2004
- Location
- Copenhagen, Denmark
- Posts
- 6,157
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
-
Apr 21, 2007, 21:04 #22
- Join Date
- Mar 2007
- Posts
- 44
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
What you're asking is basically impossible.
-
Apr 21, 2007, 21:06 #23
- Join Date
- Mar 2007
- Posts
- 44
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I have been unable to determine any more effective way of protecting Javascript code than that since the browser needs to be able to decode the encryption in order to run the script and the decryption code therefore must be part of the script itself.
-
Apr 22, 2007, 00:10 #24
- Join Date
- Sep 2005
- Location
- Sydney, NSW, Australia
- Posts
- 16,875
- Mentioned
- 25 Post(s)
- Tagged
- 1 Thread(s)
Stephen J Chapman
javascriptexample.net, Book Reviews, follow me on Twitter
HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
<input name="html5" type="text" required pattern="^$">
Bookmarks