faqts : Computers : Programming : Languages : JavaScript

+ Search
Add Entry AlertManage Folder Edit Entry Add page to http://del.icio.us/
Did You Find This Entry Useful?

13 of 20 people (65%) answered Yes
Recently 8 of 10 people (80%) answered Yes


Methods of encoding a .js file so that other cannot read it?

Apr 7th, 2008 22:58
ha mo, Fred Jounters, Lalit Patel, http://perlmonks.thepen.com/117150.html

You could obfuscate the code by making it rather unreadable by being 
complex (a perl script doing this can be found at 
http://perlmonks.thepen.com/117150.html ). I was thinking about another 
solution though (providing You have access to cgi/perl/..)
Simply include the js as You would with any external javascript, 
but point it to a cgi that reads the js from a file and sends it to the 
<script src="/cgi-bin/path/to/js.cgi" type="text/javascript"></script>
In Your cgi, check for the referer environment variable, if it's empty, 
someone tried to load the js by itself, so don't send out the code You 
want to protect. If it matches the page you included it in, it should be 
ok. However, I know of some Browsers including the "included js sources" 
with all the rest of the html-source. afaik even IE did this sometime 
back. Also: It still is in cleartext in the browsers cache, use pragma:
And - referer info can be faked or turned off in some browsers e.g Opera 
(in which case the user doesn't get the js-code)
Anyway, obfuscating code is either spammers' work or overenthusiastic 
programmer's proudness...
I only use it, when showing work inprogress/demos to possible future 
clients. Else - share Your knowledge!
Btw. Everything that can be programmed/obfuscated, can be reversed !-)