How to block view source

[sovan]

Hi All !
How to block view source in a web page ?
I do not want to block right click .
How to Block Back button ?
And How to block Save Option of a web Page.

I serached google but did not have exact code.
Please help me.

[r937]

Quote:

Originally Posted by sovan

How to block view source in a web page ?

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>sample page</title>
</head>
<body viewsource="no">
<h1>sample page</h1>
<p>some text</p>
</body>
</html>







actually, i was just kidding -- the only way that is guaranteed to prevent people from viewing your source code is: don't put your page on the internet!!

[sovan]

At least tell me how to encode the source (It is possible).
And also
How to Block Back button ?
And How to block Save Option of a web Page.

[droopsnoot]

I don't believe there is a way to encode the source, other than one or two ways that a small number of browsers support. If you have a look at the MSDN site they've managed to assign the 'back' button to redraw the page you're on, and it's really annoying, IMO this should be avoided at all costs, but if you really need to there's plenty of information available via Google or wherever.

As for blocking the save button, again I can't think that there would be a way to do this that works on all browsers.

Can I ask why you particularly want to go to these lengths? For example, it's a very small bit of code that could just call your web server and retrieve your page into a file on a local PC, so even if you managed to find code to disable "save" on all browsers, someone who wanted to save the page could still do so.

[sovan]

http://www.angelfire.com/ny5/consigl...ncrypted.html/

watch the above link. Here the source code is encrypted.

This page :
http://www.angelfire.com/ny5/consigl...ocksource.html
And the above page are almost same.
But one's view source is encrypted and the other is normal

[r937]

Quote:

Originally Posted by sovan

http://www.angelfire.com/ny5/consigl...ncrypted.html/

watch the above link. Here the source code is encrypted.

it is very poorly encrypted, very easy to read the source:

Code:

<html>
<head>
<LINK REL="SHORTCUT ICON" HREF="http://www.angelfire.com/ny5/consigliere/favicon.ico">
<title>How to block source code viewing Encrypted Do Not Open From Index</title>

<!-- Start of  no right click script -->

<script language="JavaScript">

 <!--
// No rightclick script.
// Find more great scripts and applets at the JavaFile!
// http://www.javafile.com
// Do not delete this header!

var message="Sorry, Right Click Disabled  Copyright © 2001-2002, Consigliere Ltd., All Rights Reserved"; // Put your message for the alert box between the quotes.

// Don't edit below!

function click(e) {
if (document.all) {
if (event.button == 2) {
alert(message);
return false;
}
}


et cetera

[wwb_99]

Quote:

Originally Posted by sovan

Hi All !
How to block view source in a web page ?
I do not want to block right click .
How to Block Back button ?
And How to block Save Option of a web Page.

I serached google but did not have exact code.
Please help me.

Use a windows forms application.

[chestertondevelopment]

You can't plain and simple! Why would you want to? The openess of the internet is one of the main reasons for it's continued success.

If you REALLY wanted to do this you could do it with flash but that brings loads more problems with accessibility and such.

[droopsnoot]

Quote:

Originally Posted by sovan

http://www.angelfire.com/ny5/consigl...ncrypted.html/

watch the above link. Here the source code is encrypted.

That's not encrypted, it's just encoded in a URL-safe method, just like when you pass variables that contain spaces as part of a URL - you can still see most of the keywords. It will put off the casual reader, sure, but again a short bit of code will turn that back into readable HTML page source.

It's similar to a technique someone recently pointed me to where email addresses are specified in this form so that bots can't quite so easily trawl your site for spam lists.

If what you intend to put on the site is so important that you have to take these steps, then you might want to look at protecting it behind some kind of login requirement.

[dhtmlgod]

I'm curious as to why you would want to hide HTML source...

[gollux]

I like the encrypted page from the angelfire site. Typical coder monkey claim by someone who does not know the difference between encoding and encrypting. And the laugh is, yes, you cannot easily read the source, however; if you have a webpage I'd really be interested in knowing the source for, umm, I'd just hash together a perl script of some sort and, then wellnow.

And if I wasn't that technically proficient, I'd just open it up in Textpad, grab a ascii hex chart and universal search and replace these well known encoded characters, until I had a pretty good idea of what is going on which would take only about 5 minutes.

And Coder Monkey PEBKAC legal statement. How do you get the IP address from me when I'm viewing source from my browser cache? Oh, wait, you know that everyone who has performed an http get on your page to view it and generated a log entry is stealing your code!

<!--- We have recorded your ISP address and will take legal action
if you continue to view the source code on this page!
Security, Legal and Copyright Infringement Dept.
Consigliere™ Ltd. --->

followed by 2 screens of crlf to hide it for someone who cannot use the scroll bar.

[r937]

Quote:

Originally Posted by gollux

And if I wasn't that technically proficient, I'd just open it up in Textpad, grab a ascii hex chart and universal search and replace these well known encoded characters, until I had a pretty good idea of what is going on which would take only about 5 minutes.

that's exactly what i did (see post #6), except i used Ultraedit

[gollux]

r937, I like your <body viewsource="no">, that's like sending the new kid on the flightline down to the shop to get a bucket of propwash (airplane mechanic's joke, how do you fill a bucket with wind?).

[gollux]

Oh, and another thought, javascript encoding your web page should be really good for your SEO technique, I think everyone out there that's my competitor shoud really go out there and adopt encrypted/encoded html right now! Do it, it will get you on the first page of every search engine's results page! (Nelson's Ha, Haaaa! here)

[sovan]

I want to encode or block view source because sometimes I do not want to show
the values kept in the hidden fields.

And I have noticed that in some sites the save option is blocked.Immediately I can't remember the name of a site like that category but if I find I will post the link of the site.
Actually what I noticed : when I wanted to save the page, save started but not completed and nothing was saved in the folder where I tried to save that page.It happened once and again. But the other sites did not create any problem while saving.

[sovan]

How to block copy paste in a text box.
I don't want to block Right Click.
I want to block
Ctrl+c and Ctrl+v
and
copy paste option with Rigt Click.

[sovan]

How to block view source in a web page ?
I do not want to block right click .
If view source block is not possible, then how to encode it as if one
opens view source,the one will see the encoded data.

How to Block Back button ?
And How to block Save Option of a web Page.

I serached google but did not have exact code.
Please help me.

[droopsnoot]

If you're trying to hide the values in hidden fields so that you can post them back to another CGI that's in your control, you'd be better off with a different technique, such as storing them in a session file on the server and putting a reference to that in your hidden variables. If it's not in your control, you're going to have a problem because the vars will have to be in the format that the CGI expects, not some encoded or encrypted format.

I don't think you're going to find a solution to this, even in the other threads - whatever you might find working in IE probably won't work in Firefox, or maybe Opera, or Netfront, or Safari, or whatever else the customer uses. You should find a different way for it to not matter IMO.

[AutisticCuckoo]

Don't bother. You can make it a bit more difficult for absolute newbies, but there is no way to prevent people from seeing the markup. The browser must see it to render the page, and if the browser can see it, so can people.

If you don't want people to see the content, don't put it on the Web.

[AutisticCuckoo]

Don't bother. You can't do this. Putting a transparent image on top of the page may slow some n00bs down, but that's all.

If you don't want people to access your content, don't put it on the Web.

[r937]

sovan, please don't double-post

this thread is being merged with your other one

[sovan]

<input type="text" onpaste="event.returnValue=false;" ondrop="event.returnValue=false;" />
In this Paste can be blocked.
But I don't know how to block copy.
Is not it Possible ?

[droopsnoot]

I think it's pretty much the case from all the above that you just can't protect this in the way that you want to. You've got to keep in mind that even if you find a way to prevent the 'copy' function in all current browsers (which given that they can't agree on how to display basic pages is expecting a lot IMO), anyone who wants to get the code from your site will be able to do so - as AutisticCuckoo said, if a browser can see it, people can see it too. If you want to see how easy it is without using a browser just get to a command prompt and type "telnet <your-domain-name> 80" then at the blank screen type "GET / HTTP/1.1" and see what happens.

Sorry, but just asking again doesn't change the answer.

[wwb_99]

Quote:

Originally Posted by sovan

I want to encode or block view source because sometimes I do not want to show
the values kept in the hidden fields.

Attempting to stop view source does not fix this problem. Understanding security does fix this problem. Can you put the values in session variables, or, failing that, the essentially encrypted viewstate?

Also, what values are you putting in these hidden fields that you don't want people to see?

[gollux]

Anything done with javascript can be immediately circumvented. Easy way, run Firefox with QuickJava extension. Any webdeveloper or anyone security minded will probably be running it. Shut off javascript execution and all your backbutton/antisave/userannoyance scripting ceases to function. Your source code with the supposed encryption gets exposed at this point, allowing the user to view source and save it locally. Then it's a cute little puzzle seeing how to get the html source extracted, usually by hacking the javascript to output the decrypted html to an iframe instead of the browser or some such nonsense. SANS had a good little session describing techniques for how they defeat any obfustication type stuff done in an attempt to hide web page exploits. If your information is that valuable that you think it needs hiding, then there is a whole army of people with spare time and nothing else useful to do who will sit down and crack out your supposedly hidden information for fun and profit.

Using encrypted session variables passed in the url or storing this stuff server-side and keying its manipulation to a user session ID as mentioned by posters above is the only way you are going to hide anything. Asking how to hide it by encrypting/encoding html is an extremely widespread noob/tenderfoot question that's been asked so many times that we can build an entire galaxy from the energy that's been expended asking it.