Hiding Javascript in Winform


#1

Currently I have a tool which I’ve created using Javascript. I want users to be able to use my tool but not be able to see the scripts. I know that there really isn’t a way to stop users from viewing the source code if the code was written in javascript for web pages.

Out of curiosity, would I be able to hide my scripts if I create my tool using Winform and C# and if I call my scripts from C#? I plan to use the scripts for DOM manipulation and grabbing data from the backend. Then if it is possible, I’m going to find a way to display the Winform in a web browser.


#2

Hi,
There is a popular tool called UglifyJS which will make your code unreadable. It is used in production to prevent others from stealing your code. Hope it helps.


#3

UglifyJS minifies JavaScript. It does not hide it.


#4

It not only minifies it, it changes the code to make it unreadable, e.g. it will turn all variable and function names into something cryptic that doesn’t make any sense.


#5

That means people can still take my script and use it.


#6

Yes, “uglification” will not break code that would otherwise not be broken.


#7

Thank you all for replying. I understand what minification of Javascript is all about. Although it replaces long variable names with short ones or replaces them with cryptic names, it does not prevent people from taking my script.

I would like to know if anyone has ever used Javascript in Winform to manipulate DOM objects and, if so, are the scripts hidden from users?


#8

Well to my knowledge that’s the industry standard for protecting code so not sure what other options you have left. Hopefully someone else can help.


#9

The purpose of minification is not to protect scripts but to make them load faster.


#10

Apparently javascript-obfuscator does a better job at obfuscating the code.
https://javascriptobfuscator.com/


#11

Thanks for replying. That too is useless as there are tools to undo the obfuscator.


#12

You may be confusing minification and obfuscation. Though similar in some respects they are not the same thing.

If you want others to be able to use the script but not read it, use both. i.e. “uglify” it.

I have the feeling that what you want, is not to interfere with others reading the script, but to maintain control of who and when the script can be used. Others may prove me wrong, but I have a strong feeling JavaScript is not the best language for this and you should look into C# instead.


#13

I understand the two perfectly but like I said there are tools that can undo the obfuscation process. That is why anyone who is concerned with maintaining control of his scripts will not use javascript to create a tool.

Please read my original post to find out what I wanted to do.


#14

The problem I think, is that what you want to achieve cannot be done with JavaScript.
This StackOverflow thread throws some more light into the matter:


I’m sorry we were not able to help you.


#15

What you can do is to convert as much of your script as you can to server-side code, such as PHP or similar. That way your code is protected on the server, and nobody can see or obtain it.


#16

Hi Paul, thank you so much for replying. I thought about doing what you suggested but I think that it will not be efficient as the server will be hit very often.

I created a web page which displays a simple Javascript popup alert and I successfully displayed it in a webbrowser control of a windows form. I’m happy to say that I’m not able to see the script, markup, or URL of the page.

I think that if no one can find a way to see my script and markup when I’m using Winforms to display my web page, it is what I’m looking for.

Do you know if there is a way to get the script and markup of a web page displayed in a Winform?


#17

Sorry no. Do you mind explaining though why it’s so vital to prevent anyone from seeing your scripting code?


#18

The reason is because my business partner and I have put a lot of time and effort into creating these scripts.


#19

Fair enough. That runs into conflict when you put them on a public web page.
With JavaScript there’s no such thing as public with private bits, or private with public bits.

The only viable solution here is to accept that public is public, and keep other things private on a backend server instead.
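
As an added illustration of the point made in posts #4 to #7 and #19 (not part of the original thread, and not code from any poster): the JavaScript below loads a constructed script and a hand-mangled copy of it, checks that both behave identically, and lists the strings and property names that survive the renaming. Both sources, the function name `fetchOrderTotals` and the `/api/orders` path are assumptions made up for the example; the mangled copy is hand-written, not real UglifyJS output.

```javascript
// Constructed sample: a tool script as its author might have written it.
const original = `
function fetchOrderTotals(customerId) {
  var endpoint = "/api/orders?customer=" + customerId;
  var taxRate = 0.2;
  return { url: endpoint, withTax: function (net) { return net * (1 + taxRate); } };
}`;

// Constructed sample: the same script with local names shortened by hand,
// in the style of a minifier. The global name is kept so callers still work.
const mangled = `function fetchOrderTotals(n){var r="/api/orders?customer="+n,t=.2;return{url:r,withTax:function(n){return n*(1+t)}}}`;

const STRING_RE = /"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'/g;

// Evaluate a script source and return the named function, the way any page
// that received the file could.
function load(source, name) {
  return new Function(source + "\nreturn " + name + ";")();
}

// True when both sources give the same results for every sample input.
function equivalent(srcA, srcB, name, ids, nets) {
  const a = load(srcA, name);
  const b = load(srcB, name);
  return ids.every((id) =>
    a(id).url === b(id).url &&
    nets.every((net) => a(id).withTax(net) === b(id).withTax(net)));
}

// Rough scan for what renaming cannot touch: string literals (URLs, messages)
// and object property names, which callers depend on.
function survives(source) {
  const strings = source.match(STRING_RE) || [];
  const withoutStrings = source.replace(STRING_RE, '""');
  const keys = [...withoutStrings.matchAll(/([A-Za-z_$][\w$]*)\s*:/g)].map((m) => m[1]);
  return { strings, keys };
}

const same = equivalent(original, mangled, "fetchOrderTotals", [7, "abc"], [0, 100, 19.99]);
console.log("same behaviour:", same);
console.log("still readable in the mangled copy:", survives(mangled));
```

The backend path and the public property names come out of the mangled copy unchanged, and the copy runs exactly as the original does, which is why the last post recommends keeping anything private on the server.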