How hide src url of loaded iframe, is it possible?
Maybe there is a secret?
Is it possible to upload html to cache in iframe and after hide url?
Another good feature is to hide the location paths of your important scripts. I found a great npm plugin for this https://www.npmjs.com/package/location-hide
This works also for php href, src, content it will use everything inside src=""
It turns
<script src="test/folder/sample.js" type="text/javascript"></script>
<link href="test/stylesheet/perfect-scrollbar.css" rel="stylesheet">
into
<script src="TNANIuTOLZfmLYwaPDIYhcZDVOWKodqYhysaTeQHFPDhYlDLCOtxZqYmkKAhaSwSgbsYOWlpBzVSBtMZKSfwRqvPSqWVlBBuzHR" type="text/javascript"></script>
<link href="gyXeFnOEvZbgTjLvdZRnsyrfhaXqffkDjcdATTouqpIenCalLRXKamuXEtiKbPGCsNrdQIaqTMTNWsLyLFuxygKytaruWzSjKYMq" rel="stylesheet">
And it generate new jquery include codes like this to include your scripts with javascript in a external file
$('[src=\'TNANIuTOLZfmLYwaPDIYhcZDVOWKodqYhysaTeQHFPDhYlDLCOtxZqYmkKAhaSwSgbsYOWlpBzVSBtMZKSfwRqvPSqWVlBBuzHR\']').attr("src", "test/folder/sample.js")
$('[href=\'gyXeFnOEvZbgTjLvdZRnsyrfhaXqffkDjcdATTouqpIenCalLRXKamuXEtiKbPGCsNrdQIaqTMTNWsLyLFuxygKytaruWzSjKYMq\']').attr("src", "test/stylesheet/perfect-scrollbar.css")
Also I would suggest you that you include all of your external javascript codes in 1 single js file. This file you place in the root of your index file that you can make this
<script src="./allinone_external_file.js" type="text/javascript"></script>
Then make right htaccess that nobody can acces this file. You can also make a fake import script for the source code that every body can see. But this file is only a redirect for the real external js file. you make this multiple times as example + use other obfuscation tools. This will protect you from people searching exploits with your javascript codes. I know its no big deal and maybe you can see the jquery include codes if you know how. But anyway it´s a great protection.
What you are describing isn't possible, but you can encrypt the URL so it looks like the example below:
src="/my-page.php?a=x3d!evIc2HwXyny3JmcgLSvNwdy"
You can do ...:
.html file
<script src="jquery" type="text/javascript"></script>
.htaccess
RewriteEngine on
RewriteRule ^jquery?$ file_url/test.js?v=1.1.3 [NC,L]
Related
I'm trying to use JavaScript functions from the a JavaScript library in my JSP file to display the result on a web-browser page, but it seems like the inclusion didn't work.
I actually put the .js file corresponding to the library in the WEB-INF folder and added the following line in the JSP file to include it in it :
<script type="text/javascript" src="./jsgl.min.js"></script>
I successfully managed to use the library in a simple HTML file, that's why I don't understand why this doesn't work.
EDIT :
TLDR
Put the JS file in a folder under web content (but not WEB-INF) like [WebContent]/js/jsgl.min.js, and use the following in the JSP:
<script type="text/javascript" src="${pageContext.request.contextPath}/js/jsgl.min.js"></script>
Explanation
JSP files are compiled by the server, then processed to send data (typically HTML) back to the web browser. A <script> tag is a HTML tag that gets interpreted by the browser, not by the servlet container. So the browser sees that in the HTML then makes a new request to the server for the JavaScript file in the src attribute.
The src attribute is relative to the URL that the browser asked for, not to the path of the JSP on the server.
So as an example, let's say:
The browser asks for a page at http://example.com/SomeWebApp/some-resource
The servlet container internally forwards the request to a JSP at /WEB-INF/jsp/somepage.jsp
The response sent to the browser contains the script tag <script type="text/javascript" src="./jsgl.min.js"></script> (as in your question)
The browser sees the URL ./jsgl.min.js and resolves it relative to the URL it has asked the server for (which in this case was http://example.com/SomeWebApp/some-resource - note there is no trailing '/') so the browser will request the JS file from http://example.com/SomeWebApp/jsgl.min.js*. This is because the relative URL in the script tag's src attribute starts with a '.'.
Another answer suggested putting the JS file in a 'js' folder and changing the script tag to <script type="text/javascript" src="/js/jsgl.min.js"></script>. Using the same original page URL as in the example above, the browser would translate this src URL to http://example.com/js/jsgl.min.js. Note that this is missing the "/SomeWebApp" context path.
The best solution therefore is indeed to put the JS file in a static folder like /js/jsgl.min.js, but to use the following in the JSP script tag:
<script type="text/javascript" src="${pageContext.request.contextPath}/js/jsgl.min.js"></script>
The JSP will translate the ${pageContext.request.contextPath} bit into the current context path, making the code portable (if you redeploy the webapp with a different context path, it will still work). So the HTML response received by the browser will be (again, sticking with our example above):
<script type="text/javascript" src="/SomeWebApp/js/jsgl.min.js"></script>
The browser will now resolve that relative URL to the correct target.
__
*If the original URL had a trailing slash = i.e., was http://example.com/SomeWebApp/some-resource/, the JS URL would be http://example.com/SomeWebApp/some-resource/jsgl.min.js
Static resources should be put outside the WEB-INF folder (as you would typically not allow web access to its content).
You could put the file under webapp/js/, then change your script import to:
<script type="text/javascript" src="/js/jsgl.min.js"></script>
In addition to being good practice, this is good as it is not relative to the location of the JSP file.
Files in WEB-INF are inaccessible.
You may put them under webapp and try accessing as mentioned above.
I'm starting a chrome app. But things like this doesn't work for security reason.
<script src='https://code.jquery.com/jquery-1.11.0.min.js'></script>
<script src='app.js'></script>
So how to add those 2 kind of script to my app?
I tried different things in the manifest file but none of them have been successfull
The simplest way to avoid security issues is to download jquery-1.11.0.min.js and place it in your script directory. This will ensure you won't have security SOAP issues. Then include the files like this:
<script src='/example_local_directory/jquery-1.11.0.min.js'></script>
<script src='/example_local_directory/app.js'></script>
At the bottom of every page, I have a .php include that links to all my .js files.
<?php include 'Core/js.php';?>
Within this .php I have this code;
<script src="../js/jquery.min.js"></script>
<script src="../js/jquery.dropotron.min.js"></script>
<script src="../js/skel.min.js"></script>
<script src="../js/skel-layers.min.js"> </script>
<script src="../js/init.js"></script>
<script src="../js/slider.js"></script>
This works perfectly for my pages placed in my root folder, ie "index.php"
However, the pages that are located in folders, don't seem to call the javascript when I use the .php include such as;
<?php include '../../../Core/js.php';?>
Although, when I don't use the include funtion, and just paste the < script>, it calls it perfectly. This wouldn't be a huge problem for me, but it doesn't allow the mobile site to run properly.
The first pages such as "index.php" have the mobile navigation, whereas pages located in the folders and don't have the php include code, don't have the same user friendly navigation. If someone could help me fix this, that would be great!
I think your problem is about paths.
When you execute: <script src="../js/jquery.min.js"></script> in your browser, it looks at the URL and goes from there. Let's say you're in http://example.com/products/index.php. The browser will try to load the JS from http://example.com/products/../js/jquery.min.js, which is http://example.com/js/jquery.min.js.
To avoid this, you should use absolute paths, like:
<script src="/js/jquery.min.js"></script>
Then it will always try to load http://example.com/js/jquery.min.js independently from the current URL.
As for PHP includes, I would advise you to use absolute paths when including files. There are many strategies, like using $_SERVER['DOCUMENT_ROOT'], using dirname() functions, using a global variable with your includes path, etc.
Whatever you choose, your includes should look something like:
<?php include '/var/www/includes/Core/js.php'; ?>
I'm assuming your folder structure is something like this:
/
index.php
js
jquery.min.js
jquery.dropotron.min.js
skel.min.js
...
Core
js.php
content
some folder
HTML files
...
So if you are inside content -> some folder -> html file your js.php should reflect this:
<script src="../../js/jquery.min.js"></script>
as you could see the path changes and thats where your error comes from
Use the absolute path. Your absolute path is the actual location on the server. An easy way to find it is look at the path you're connecting to with ftp.
It might look something like this /home/username/public_html/Core/js.php
Is it possible to have a JavaScript file with .css extension instead and still work inside the <script src="myJs.js"></script>?
Reason? webs.com won't accept .js files unless you're a Pro user. I've tried using Dropbox as host, but it becomes too slow.
Have you tried to force content type in the script tag ?
<script type="text/javascript" src="myJs.css"></script>
I have my index.html at the root of my web host, and my javascript file is in a directory(JavaScript) which is also at the root. How can I link my index to the js file? I did the following, but it's not working: <script type="text/javascript" src="JavaScript/filename.js"></script> in the head. It works when I do the inline javascript
<script type="text/javascript" src="JavaScript/file.js"></script>
Loads the file.js in the subdirectory "JavaScript". It'll work unless a base href is specified.
Edit: I see now that's pretty much what you had. Should work. You got full code or URL?