Menu
I know its impossible for 100% protection, but something high or that works for majority of the users.
For instance, I encountered a site where viewing the current page's source returned nothing.
In another case, accessing or trying to download the .js files itself from browser
http://gget.com/somesecret.js,
would redirect you and stuff.
If you obfuscate your code, will it be very very difficult to decode it? if so that is also another good solution (what software is recommended) ?
726
As other have said, there is no way to protect JavaScript intended to run in a browser from a determined viewer. If the browser can run it, then any determined person can view/run it also.
One of the most sneaky uses of JavaScript is cross-site scripting (XSS). Simply put, XSS is a vulnerability that allows hackers to embed malicious JavaScript code into an legitimate website, which is ultimately executed in the browser of a user who visits the website.
It's simply not possible.
For a visitor's browser to be able to execute the script, they have to be able to download it. Not matter what trickery you try to pull with JS, server permissions etc., at the end of the day they can always just wget http://example.com/yourcoolscript.js. And even if they can't (e.g. you require "secret" headers for that request) that would likely inhibit the behaviour of most browsers, while not stopping a determined person from looking anyway.
Fundamentally, because JS is executed client-side, the client must have access to the "original" JS file.
One minor thing you can do is obfuscation, which can help a little bit. But since JS is interpreted, it's also its own deobfuscator - see one of my earlier answers for an example.
Basically - "if you build it, they will look". :-)
168
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
