Methods of encoding a .js file so that other cannot read it?
Apr 7th, 2008 22:58
ha mo, Fred Jounters, Lalit Patel, http://perlmonks.thepen.com/117150.html
You could obfuscate the code by making it rather unreadable by being
complex (a perl script doing this can be found at
http://perlmonks.thepen.com/117150.html ). I was thinking about another
solution though (providing You have access to cgi/perl/..)
but point it to a cgi that reads the js from a file and sends it to the
In Your cgi, check for the referer environment variable, if it's empty,
someone tried to load the js by itself, so don't send out the code You
want to protect. If it matches the page you included it in, it should be
ok. However, I know of some Browsers including the "included js sources"
with all the rest of the html-source. afaik even IE did this sometime
back. Also: It still is in cleartext in the browsers cache, use pragma:
And - referer info can be faked or turned off in some browsers e.g Opera
(in which case the user doesn't get the js-code)
Anyway, obfuscating code is either spammers' work or overenthusiastic
I only use it, when showing work inprogress/demos to possible future
clients. Else - share Your knowledge!
Btw. Everything that can be programmed/obfuscated, can be reversed !-)