Is there a way to hide javascript code?
Question
I have this script that starts with <script> and finishes with </script>
People can actually see it if they go to the source code of the page.
Is there a way to avoid that? I mean to make that code invisible as if it where PHP?
6 answers
solution1
6 2011-10-22 21:59:31
No, with normal JavaScript it is run on the client-side which means that it must be accessible to the user's browser running it. You can try obfuscating your code, or a newer technology like server-side JS (V8) But for traditional JavaScript it must be run client-side.
solution2
5 ACCPTED 2011-10-22 21:59:50
Edit: Now that you've added a comment that says what you're actually trying to protect is the URL of a video (why don't people just say what they're really trying to do in their question?).
The answer is that you can't protect a video URL that you play in a web page. That can easily be seen lots of ways. Any of the browser debugging tools will show all network traffic to/from the browser which will easily disclose the video URL.
If what you really want to do is to prevent direct linking of the video, then there are some techniques (none of which are foolproof) you can use to prevent most directly linking. If you do a Google search for "prevent direct linking", you will find a lot of articles that discuss this concept. The two techniques I've seen used are:
- On your server that serve's up the video, check the http referrer and only server the video to referrers that you like. While the http referrer can be spoofed by a determined and schooled theif, just this simple step renders most direct linking by most users impractical.
- Require some sort of algorithmic parameter in the URL of the video before it will be successfully servered that your server can check. This can be derived from other content on the site and combined with a data reference or can be issued hourly by your site and embedded in a valid hosting web page, etc...
All javascript in your web page will be visible to anyone who wants to see it.
The only way to truly hide an algorithm is to put it on the server, execute it on the server and either put the result in the web page as it's rendered by the server or use an ajax call to retrieve it.
Because of the way Javascript works in the browser, the code must be available to the browser in order to run it. If it's available to the browser, then it's available to any person who wants to see it.
There are some things you can do to make it more difficult for people to see your javascript, but these are only obstacles that will slow someone down or make them take more time to understand your code, but they can all be overcome by anyone who has enough persistence to do so.
The simplest thing you can do is to minimize your code by running it through one of the free popular minimizer tools (Google Closure or Yahoo's minimizer and there are many others). These tools main goal is to reduce the size of your javascript code, but in the process they also make it a lot less readable by removing indentation, line breaks, renaming local symbols to something short and meaningless, etc...
There are also obscuration tools that purposely obscure your javascript code to make it more difficult to see/understand.
I repeat though. All of these tools can ultimately be defeated and the most they do to thwart a determined snooper is slow them down.
If you really want to protect an algorithm or trade secret or secret code or something like that, you have to put the algorithm on the server and have the code execute only on the server so that the browser can only see the result, not the actual code.
FYI, in most cases, it's never as important to protect your actual code as people think it is. Business success is not achieved by keeping secrets, but rather by getting known and by meeting the needs of customers at an appropriate price.
solution3
1 2011-10-22 22:00:08
No. PHP code is not visible to the user because it is executed on the server. JavaScript code is sent to the user's computer and run there, so it's visible to them.
The best option is to obfuscate your code, to make it difficult to read. This is only an inconvenience; if anyone cares enough they will be able to figure out your code.
solution4
1 2011-10-22 22:00:08
You cannot hide it. But you can obfuscate the javascript so that at least it would be undreadable.
solution5
1 2011-10-22 22:00:21
Yes, you can execute it on the server with SSJS technology.
Check out NodeJS.org
solution6
0 2011-10-22 22:01:13
JavaScript is a client-side scripting language, so it's not possible to hide it from the client. You could obfuscate it, but some clever people could deobfuscate it.
If you really want to hide your code, you could have the javascript call a PHP script through AJAX, although this may be server heavy.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.