Hiding jquery and javascript - javascript

I'm working on a mvc application (applies to any website though) and was wondering is it ok to leave exposed jquery and javascript in a view? In other words when i run the program and right click and view source I can see all my jquery and javascript. Is that safe and ok? Is there a way to hide all of that so users can't see that? Thanks for any tips.

There is no way of hiding javascript completely from the user. JavaScript is a client side technology. It executes in the browser. If the browser can execute the script, it can also show it to the user.
You can use JavaScript obfuscator software to make the code harder to read, but you can never hide it completely. See http://www.javascriptobfuscator.com/default.aspx for an online example of this.
JQuery and other libraries are also publicy available so there is no harm in the user being able to access it. There is nothing secret about them.
If you have secrets in the code that you want to protect, you should think about putting the affected code on the server if possible instead of doing the processing on the client.

To make it harder for the interested spy to read you can put your scripts inside .js files and obfuscate them. See How can I obfuscate (protect) JavaScript? for more information.

Javascript is is executed on the client, so no there's not really anything you can do to hide it from the client. All you can really do is make it more difficult for a user to read through your code via obfuscation.

What your are looking for is Obfuscation.
There are very different opinions on why you should or shouldn't use it with Javascript.
See How can I obfuscate (protect) JavaScript?

Nope, you cannot hide your JS - remember that the JS is client side scripting and has to be executable at the client which implies that the browser must have access to it. And when the browser has access to it - the user can see it as well :)

Hiding isn't possible, all your JavaScript is needed client side to make your website functional. However you can obfuscate you JavaScript, in other words make in more ugly so nobody can really understand your code, but the browser will.
To obfuscate you javascript code take a look at:
UglifyJS JavaScript minification

hey you can do one thing onload call an action of server side through Ajax call into by returning javascript it will never show in your view source but it can be visible by firebug but its a way to sequre your javascript protuct from others to use it in a easy way i have done it one of my project even by this method you can hide your html too

There's no way to hide it. Anyway there's no reason to do it. If you want to obfuscate Javascript code, you can find software (obfuscators) that make your code more difficult to understand (for a human) and so called minifiers that make your code smaller.
This is a live example of such tools :
http://closure-compiler.appspot.com/home

Related

Is this safe to use to hide code from view code / inspect?

Kindly looking to hide code from view code / inspect element is this safe to use ? I saw this anser here How to hide form code from view code/inspect element browser?
eval(function(p,a,c,k,e,d){e=function(c){return
c.toString(36)};if(!''.replace(/^/,String)){while(c--)
{d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return
d[e]}];e=function(){return'\\w+'};c=1};while(c--)
{if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),
k[c])}}return p}('(3(){(3 a(){8{(3 b(2)
{7((\'\'+(2/2)).6!==1||2%5===0){(3(){}).9(\'4\')()}
c{4}b(++2)})(0)}d(e){g(a,f)}})()})();',17,17,'
||i|function|debugger|20|length|if|try|constructor
|||else|catch||5000|setTimeout'.split('|'),0,{}))
In an answer about as useful as the question,
"No".
Most of us can't read the code because it is packed/obfuscated, and won't invest the time to try to read it.
If you're asking if it will prevent the user from opening the Developer Tools, then I don't know, because that would require me trying to run the code, which I'm not going to do, since I can't read the code and it could be malicious.
If you're asking if it will prevent someone from obtaining the rest of the code on your website, then no, it will not. A determined user could use curl or one of several other tools to retrieve the raw HTML or Javascript.
If you're asking if the code pasted above is secure because it is packed, then no, it is not. A determined user could quite easily analyze the code by hand and, once analyzed, write something to reverse engineer the packed code (that's assuming it uses an unknown packer -- if it uses a well-known packer, then someone has probably already written something to reverse it).
Is there a way to prevent the theft of a website's code?
One can never fully block a determined user from analyzing your code, only make things more annoying from them.
Simply using a minifier/uglifier on Javascript is usually enough to make the code mostly worthless to try to steal, since the cost of trying to analyze, rewrite it and further develop it is usually comparable to the cost of writing the same code from scratch.

Hide source code

I have basic knowledge of html css. I don't want my content to be stolen by people. I want to display content only on my web-page and not on source code. So how can I achieve that?
I cant find a reason to protect your html code. You can go anywhere you want and download the html and css code if you want to, but there is not a good reason to do that.
If you write code in HTML, CSS or JavaScript there is no way you can "protect" your code. They are client side languages, this means your code is executed by that client (anybody).
Client side code is always execute on the client machine. I don't think you need to take care of this because all your logic at server side is not visible to client.
If you want to hide client code there is no way of doing that, but you can use minification just to make unreadable to the end user. But there are tool available in market which can undo the minification also
No you can't.
Because the web browser needs to download the HTML, JavaScript and CSS files to view the web page, there's no way to perfectly hide this. (None of the major browsers even try to do this, and even if they did, it would be easy to work around.)
Instead, what you can do is obfuscate the code. This doesn't hide the code (so it can still be copied) but it makes it harder to understand. This doesn't make it impossible, though, and someone who tries hard enough will eventually manage to do it.

User-hidden alternative to Javascript

I have a piece of Javascript code that changes some values in my HTML. However, for security reasons it would be much better that the end user could not read my code. I know there are ways to obfuscate it, but they can all get cracked with more or less effort. What I would need is some way of executing code on the client's side, just as Javascript does, but by no means visible in the user's machine, like PHP or Perl. Is it possible?
No. If it needs to run on the client, it needs to be visible to the client. You can only obfuscate (maybe Flash or a Java applet is hard enough to crack for you) or go server-side.
we can't hide Javascript code,because code is interpreted on the browser.But we can obfuscate/minify code using third party tools.See the simlar posts here

Is it possible to hide a web based game jQuery code from the user?

I know some of you just feel it is as a completely wrong question but I have a few requirements of such kind that's why I am asking this question. I understand that javascript is downloaded by the browser on client side so it's very difficult to hide that.
So now i have a game code completely written in jquery and i want that the user is not able to see the complete code because:
The owner of the games doesn't want to show the game code to the user.
If a clever user reads the code carefully then he/she might be able to solve the puzzle(it's a puzzle game).
So, is it good enough to use google closure compiler or yui compressor to make the code unreadable & secure for the above requirements?
If you think that it's not possible to do this in the situation then please suggest me any other way of doing this. Do I need to completely rewrite the game code into a server side language then convert it to js using some tool?
Javascript is a client language, for that, you will always need to show the code to the user.
What you can do is compress and minified...
same thing as all Javascript Frameworks outthere, check this original version and compare with the minified and compressed version
This is not a perfect solution in any way, just one option: you may fetch the actual javascript code from the server via AJAX requests and make them runnable, eg. by eval()-ing them.
This will still not hide the code completely, but this makes the source invisible in the source code itself.
By the way obfuscating the source is an other practice to make the code unreadable.
I would suggest not having the entire game in js (i.e. download to the client). No matter what you do to obfuscate the code someone will figure it out and post about it. Put all the game logic and puzzles on the server side with rpc calls of some type. This can be something simple as a php script that you send ajax messages to that checks if a solution increment is correct. The php script would then look up the answer and return a response. Of course it doesn't have to be php, use whatever server side tech you are knowledgeable in.

PHP coding, How to handle javascript & within javascript in the same piece of source code?

Typically, I inject so many javascript in the website. But suddenly, the client told me that he can't render the website correctly, so I check it. I realize that he didn't enable javascript on his side.
So, my question is, should I need two places of source code? one is: index_with_js.php, and one is index.php, all files separate with js and non js version?
It is not a difficult job, but just make people insane to doing this. Any better suggestions?
Really, you should make your website degrade gracefully. Its not too difficult just involves changing the way you work a little bit.
I always build a website as if the user doesn't have JavaScript enabled to ensure its usable without it and I add my JavaScript afterwards. This way you don't have to worry about any complicated redevelopments.
I think you're likely to have to do a lot of work on this particular clients site as it sounds like its JavaScript heavy and since you can't detect whether JavaScript is enabled very easily (or at all?) You're going to have to make sure the website renders in a managable way then add your JS.

Categories

Resources