FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


I need a fool-proof anti-source view javascript.





bladesage
Okay, so now I can stop users from viewing the context menu with the mouse using something like:
Code:

<img src="pic1.gif" alt="" oncontextmenu="alert('No saving or copying my images!');return false">


Now that people can't actually right-click on the pictures to save/copy them (they can still select them and use ctrl+c), I don't want people to view my source code. This can be done by clicking pretty much anywhere and choosing view source, or clicking view>>source. I can stop them from using the right-click at all with:
Code:

<script language="javascript" type="text/javascript">

document.oncontextmenu = return false

</script>
</html>


That still leaves the View>>Source option in the toolbar, which I don't want them using. I could get rid of the toolbar with:
Code:

<a href="javascript:window.open('thepage.htm', 'toolbar=no')">


The prob with that being that it can also be worked around quite easily by even a novice, and I may still want the toolbar for my purposes.

I need help/suggestions PLEASE!!!
Stubru Freak
There is a short but really good article on this subject, which describes a way it is COMPLETELY impossible to get the source code of your page with any software available today. You should check it out:

http://home.hiwaay.net/~taylorc/www/authoring/hiding-source/
bladesage
Stubru Freak wrote:
There is a short but really good article on this subject, which describes a way it is COMPLETELY impossible to get the source code of your page with any software available today. You should check it out:

http://home.hiwaay.net/~taylorc/www/authoring/hiding-source/


Yes, that's nice, but it also makes it so that the browser can't read it, either. How does this help me, exactly? Sure, the visitor would get nothing out of viewing the source, but why would they want to, if the source is a bunch of x's? Why would they even visit a page that is nothing but x's in the first place? Didn't you see that page? LOOK AT IT!! It's useless!
Stubru Freak
bladesage wrote:
Stubru Freak wrote:
There is a short but really good article on this subject, which describes a way it is COMPLETELY impossible to get the source code of your page with any software available today. You should check it out:

http://home.hiwaay.net/~taylorc/www/authoring/hiding-source/


Yes, that's nice, but it also makes it so that the browser can't read it, either. How does this help me, exactly? Sure, the visitor would get nothing out of viewing the source, but why would they want to, if the source is a bunch of x's? Why would they even visit a page that is nothing but x's in the first place? Didn't you see that page? LOOK AT IT!! It's useless!


It's a joke of the author of the article. His real point is this:

http://home.hiwaay.net/~taylorc/www/authoring/hiding-source/ wrote:
On the other hand, if you want your HTML documents to be readable (like the document you're reading right now), then you cannot hide the source. The browser must have access to clear HTML source in order to produce a readable rendition for the user. There is no way to produce an HTML document that can be viewed in a browser window but whose source cannot be examined.

If you're afraid of having your material copied or stolen, and you don't believe copyright protection will adequately protect your interests, then don't publish your material on the World Wide Web--or at least don't publish it in HTML. You'll have to find another distribution mechanism, or another media , that provides the security you need.
Arnie
Anything that can be read, can be stolen. In fact, I'm right now stealing the guy's X-es, muahahaha!!!!!1!!one!!1!cos(0)!!!!!!

So, to get serious now. One way of making it a lot harder could be using a difficult iframe structure that will take someone who looks at the source a while to understand. It's up to you if you will use this technique (that has a lot of opposition) or not. I'm not going to defend it before the high court of sceptical forums users. They can go sue somebody else. It's interesting though how people are so very strict at relatively unimportant subjects as this, while on other matters the general attitude is "ah, who cares, do whatever you like"...
bladesage
Stubru Freak wrote:
It's a joke of the author of the article. His real point is this:

http://home.hiwaay.net/~taylorc/www/authoring/hiding-source/ wrote:
On the other hand, if you want your HTML documents to be readable (like the document you're reading right now), then you cannot hide the source. The browser must have access to clear HTML source in order to produce a readable rendition for the user. There is no way to produce an HTML document that can be viewed in a browser window but whose source cannot be examined.

If you're afraid of having your material copied or stolen, and you don't believe copyright protection will adequately protect your interests, then don't publish your material on the World Wide Web--or at least don't publish it in HTML. You'll have to find another distribution mechanism, or another media , that provides the security you need.


Yes, I get that. The thing is, there should be a way around it. I could have sworn I saw something like what I'm looking for somewhere.

After all, I did manage to get this far by myself. So with help, I could at least have some hope of getting this. There is the old enter trick, but it doesn't work against experienced surfers, and it takes up additional space on the server. It just seems there must be some way... Think...
Stubru Freak
Arnie wrote:
Anything that can be read, can be stolen. In fact, I'm right now stealing the guy's X-es, muahahaha!!!!!1!!one!!1!cos(0)!!!!!!

So, to get serious now. One way of making it a lot harder could be using a difficult iframe structure that will take someone who looks at the source a while to understand.


Yeah you can steal the X'es, but you can't steal his real source. It is encrypted using this genial one-way hashing function!
Arnie
bladesage: Yuo can easily figure it's impossible. If something can be viewed, it can be stolen! I don't need to prove that, hopefully. All yuo can do is make it harder. Most real experienced people won't bother stealing stuff, so if yuo can make it very hard, yuo're pretty safe. The best thing I can think of is some encryption in the source, that browsers can decrypt. This could be done with small images, if I'm correct.
Stubru Freak
Arnie wrote:
bladesage: Yuo can easily figure it's impossible. If something can be viewed, it can be stolen! I don't need to prove that, hopefully. All yuo can do is make it harder. Most real experienced people won't bother stealing stuff, so if yuo can make it very hard, yuo're pretty safe. The best thing I can think of is some encryption in the source, that browsers can decrypt. This could be done with small images, if I'm correct.


Then you can still easily view the DOM source using firefox, which is the source after rendering this encryption (and other javascript, and tag soup).

Edit: Ctrl-A -> Right click -> View selection source
bladesage
Starbu Freak wrote:
Yeah you can steal the X'es, but you can't steal his real source. It is encrypted using this genial one-way hashing function!


Yes, but I need to get what the encryption is. If I know he has a really good encryption, but I can't figure out what the heck it is, then it can't help me much.

I'm no good at encrypting (I know absolutely nothing on it). I need something I can actually use.
Arnie
Arnie wrote:
All yuo can do is make it harder.
Cutting out the non-FF-users seems a good step to me. Unless yuo argue that it's not only t3h pr0s (that would thus not likely steal your source, see previous post) that use Firefox - then it would still be useful, but less.

Off-topic: I'd love to have yuo argue that not only pr0s use FF, because I dislike that stupid 'elite feeling' FF-users have.

To bladesage: that X-site has no real encryption dude. It's just a joke, ok! There's no need for any serious interpretation, except that the site's author basically hates people who want to encrypt their site. And secondly that the author thinks he's better than yuo (look at the first words on that site :/ lame)
Stubru Freak
Yes it's true, my mother and sister use firefox. My mother says it's more user-friendly, and my sister just doesn't get the chance to open any software-install dialog she sees (because she doesn't see them because of the pop-up blocking (those things only show up on porn sites and pop-ups)). So firefox isn't an elite program at all.

But to the point: I'm not going to help here unless you can give me a really good reason why your website is too special to be open-source.
Arnie
Oi, the trial has begun. </sarcasm>
bladesage
Stubru Freak wrote:
But to the point: I'm not going to help here unless you can give me a really good reason why your website is too special to be open-source.


I'm not asking for attitude, I'm asking for help.
Stubru Freak
No really, html is open source, so if you don't want it to be open-source you have several other options:

Publish it as a pdf.
Publish it as a png, gif, jpeg, your choice.
Publish it as an executable! (Useful link: http://cplus.about.com/od/beginnerctutorial/)

OK I'll try and help :p
A good way to completely disable source viewing in IE with javascript enabled, is this:
Place your main page in a frame/iframe. In the frame/iframe, place the following javascript:

Code:
if(window == parent){ // Then it isn't framed
location.href = "Link to your frameset";
}


Or something similar :p Been a while since I last did something like this.

Edit: and then disable context menu on your page of course.

But really, all protection fails if javascript is disabled.
bladesage
Stubru Freak wrote:
No really, html is open source, so if you don't want it to be open-source you have several other options:

Publish it as a pdf.
Publish it as a png, gif, jpeg, your choice.
Publish it as an executable! (Useful link: http://cplus.about.com/od/beginnerctutorial/)

OK I'll try and help :p
A good way to completely disable source viewing in IE with javascript enabled, is this:
Place your main page in a frame/iframe. In the frame/iframe, place the following javascript:

Code:
if(window == parent){ // Then it isn't framed
location.href = "Link to your frameset";
}


Or something similar :p Been a while since I last did something like this.


Okay, thanks for the help. I'm not sure how much of that I can use, but perhaps I can pull something together by combining some of the tips on this page. If not, thanks for the help, anyways (all) Very Happy.
Arnie
That's indeed the method I meant! Smile Using multiple frames makes it even more annoying. The only way to get your source like that is disabling javascript, or using a complete-site-download program.
Aredon
If you really want your users to be unable to view your page's source, maybe JavaScript isn't what you should be programming it in. May I suggest learning how to use Java Applets and or Flash.
Arnie
That's true, to copy from those (if selecting is disabled and the file can't be opened in an editor, i.e. it's compiled) it may even be required to copytype everything manually.

CHM help files are compiled HTML files. If you can disable selection and right-clicking there (I haven't tested this) the same applies. Microsoft HTML Help Workshop is a compiler for CHM. One downside is, I think it can also decompile (not sure). Of course you could also make your own executable in some programming language, but that's a lot of extra effort. A downside of that (and of CHM too) is you usually can't open them in the browser as a webpage (there might be some embedding solution...). CHM files are opened with HH.exe, and an executable has to be run like any other program - it makes its own window.

An example CHM file can be found here. You will probably have to save it somewhere and then open it.
wumingsden
These links may be useful to you:

Scramble your source code

http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=js%2edb&command=viewone&id=69&op=t
- Hide Your Source Code

Note that I have never tested these methods, make sure you back up your files first !!!
otaku
If it's just the javascript you want to hide, you could put your javscript in an external file and put it in a protected folder using the .htaccess.

That way you can use the javascript in your pages but the user can't directly see it. (That's what I do)
KHO
oh yah, here is something l almost totally forgot about till just now Neutral
You can stop IE users from viewing your source (since IE is your apparent taget in this) Neutral

All you do is make some spyware that will install a hidden folder that won't be deleated easily, and the name of the folder will be Notepad Neutral Try it out, just make a new folder on your desktop that is named Notepad then go view the source of any page Neutral Problem solved Neutral For crappy IE anyway Neutral
Stubru Freak
otaku wrote:
If it's just the javascript you want to hide, you could put your javscript in an external file and put it in a protected folder using the .htaccess.

That way you can use the javascript in your pages but the user can't directly see it. (That's what I do)


Won't work. A web browser will not be able to open it, not even to use it on the page. And if you include it with a server-side language, it will show up in the page source.
cavey
I knew I had seen something like this before, and after some heavy googling I found this online convert tool:

HTML Obfuscator:
http://tool-galaxy.remiya.com/html/3.html

In this online tool (press the "HTML Obfuscator"-button), you can insert your html-code, and get a complete unreadable java script you can have on your web page instead. Your site will only works with javascript enabled browsers. If javascript is disabled your page will not show at all, neither will it show your real source code.

Is it fool proof? I don't know. Will it make your site slow? I don't know that either. I haven't tried that tool my self, nor will I. But I think that if someone can read your source code from this, they probably do not need to copy someone elses html code anyway.

Good luck hiding your source whatever reason you may have. Remember not to publish anything on the web, that is important that other people can not see.

Edit: I have put up a test page here
(not firefox-proof though...)
Arnie
Otaku, you say it works for you.
Quote:
(That's what I do)
Could you make a small example site with just one javascript alert box or whatever, of which the source code is hidden? I'm interested if this will work. Smile

And could we please remember this isn't an IE-bashing thread. There are other places to spam your Neutral kthxbye.
warallthetm
Go to the top of your html document ( Imean before any code!) Then hold down the enter key for a minute or so. When the Thief wants to view the source all they will see it a blank page. This will fool amuture thieves, but if the person knows better, then will just scroll down Smile
Related topics
*OFFICIAL* Which Browser do you use?
nice background effect
Text stecked to the mouse
Save webpage source into javascript variable
do you know is it possoible to hide view source menu?
The 5 Golden Rules of Professional Design
URL Redirection - Javascript+HTML, so simple...
`Things to know for real Computer NOOB'
Get page source in javascript
hide your code
State your Political Philosophy! (1000 FRIH$ to the best!)
IE doet gek: geen source view
NoD32
Oh, my gosh.......!!
Reply to topic    Frihost Forum Index -> Scripting -> Others

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.