Menu
I have JavaScript scripts in my application containing JavaScript and jQuery functions. All user interaction with my application is dynamic and it's passing to the application through jQuery.
What I realized is, when I run my application, on the client side, the client can see my all source code by viewing page source (Ctrl + U).
How can I hide or do something so that user can't understand or read the source?
I want to do something like what Facebook does. By viewing Facebook source user can't reuse its source code or even understand it.
I googled and found that this process is called obfuscation, but this doesn't work for me.
I tried this:
http://www.javascriptobfuscator.com/default.aspx
and
http://dean.edwards.name/packer/
and
http://www.daftlogic.com/projects-online-javascript-obfuscator.htm
even i tried http://www.jasob.com/
But it's of no use for me.
393
Javascript Obfuscator converts the JavaScript source code into obfuscated and completely unreadable form, preventing it from analysing and theft. It's a 100% safe JavaScript minifier and the best JavaScript compressor.
Generally, code obfuscators make your code unreadable by replacing meaningful variables names with things like $a , $b , etc., and by removing comments, whitespace, and whatever other conveniences we normally use to make code readable.
Encrypting some or all of a program's code is one obfuscation method. Other approaches include stripping out potentially revealing metadata, replacing class and variable names with meaningless labels and adding unused or meaningless code to an application script.
If someone really cares about your code he will take the workload of un-minifying (replacing random with useful variable/function names). Anything else such as "encrypting" or packing is just snake oil since it can be reverted extremely easy. So save yourself some work and rather spend it on making your application better.
So: The only thing you should do on a production system is minifying your JS code. This makes it smaller and thus faster to load - so it is an actually advantage. Besides that, it will make it less readable to people who are just curious for a quick look but don't want to spend time on it.
The facebook JS files for example are just minified by the way - most likely just for bandwidth/performance reasons.
The easiest way to minify your JavaScript is using Google's web service for it: http://closure-compiler.appspot.com/home
Note that it has an 1MB limit so if your JS is that huge, you might need to download the Java-based minifier to run it locally.
96
Everything ThiefMaster says is true. It's also worth noting that your apps should be designed with the assumption users can see and manipulate everything on the client. If you're worried about obfuscation because you think it will prevent users from seeing sensitive data or manipulating information such as prices, then you need to redesign your application so that secure logic resides on the server.
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
