5

I have some javascripts that I am using in my files. But when we view the source code it shows our javascript as it is. Is there any way with which we can hide our javascript from showing up in the browser using php.

SilentGhost
  • 307,395
  • 66
  • 306
  • 293
developer
  • 2,042
  • 10
  • 40
  • 59

7 Answers7

7

There is a free javascript obfuscator at javascriptobfuscator.com. It will not prevent dedicated people from "stealing" your code, but normal copy&paste will not be easy.

Also see this question: How can I obfuscate (protect) JavaScript? . It contains some very good answers and also explain how this is security through obscurity.

Community
  • 1
  • 1
Espo
  • 41,399
  • 21
  • 132
  • 159
5

That's how it works, it visible to everyone. You can obfuscate it, though.

slipbull
  • 1,477
  • 1
  • 11
  • 27
4

As Javascript is executed inside the browser, on the client's machine, it has to be sent to that client machine.

So, one way or another, the client has to be able to read it. So, no, you cannot prevent your users from seeing the JS code if they want to.

You could obfuscate it, but someone who really want to get to your source will always be able to (event if it's hard)... But the thing is : why would you prevent your users from seeing the JS source code if they want to ?

As a sidenote : with minified/obfuscated JS code, when you'll have a bug, it'll be really harder to track down... (and you really have to keep a no-obfuscated version on your development/testing machine)

Pascal MARTIN
  • 395,085
  • 80
  • 655
  • 663
2

I recommend minifying it and that will remove the comments and white spacing from your code. If you don't want the names of the variables visible then you will need to obfuscate it.

AutomatedTester
  • 22,188
  • 7
  • 49
  • 62
1

I'm not sure if this will work, I may try it sometime. But basically:

<script type="text/javascript" src="MyScript.php"></script>

In the PHP file add some sort of refering to check what page requested it or what the last page was. Then if it was one of your own pages, then echo the JS, if not then don't echo it. It will still be possible to read the JS, but even harder than just viewing source and de-obfuscate it. So you could also obfuscate the code inside the .php file.

TylerF
  • 21
  • 1
0

no. javascript executes on the client side.

troelskn
  • 115,121
  • 27
  • 131
  • 155
-2

There is another way of hiding the Javascript for the most simple users

Just test here to try finding the javascript behind the textbox...

Yet, the script is still visible for experienced users -see the bottom of this post to understand why-

The idea is to put your javascript functions in a separate ".js" file. When loading your source PHP or HTML page, instead of calling it directly with 

<SCRIPT language="JavaScript" SRC="original_file_to_hide.js"></SCRIPT>

, you will include a header php script that will copy the "mysource.js" file to a random "kcdslqkjfldsqkj.js" file, and modify your HTML file to call 

<SCRIPT language="JavaScript" SRC="temporary_copy_of_the_file.js"></SCRIPT>

instead. After that, just delete the copy kcdslqkjfldsqkj.js file on your server, and when the user will look for the source code, the browser will link to a vanished file !!!

So this is for the theory, next, there is a small issue to workaround : if the HTML/PHP file is loaded too fast, your script will be vanished from your server before the browser had time to load the script.

Thus, you need

  1. To copy the file to a different random name
  2. To load the file in the source PHP file
  3. To wait a few seconds after your HTML/PHP file is loaded before...
  4. ...Deleting the file

Here is the source for the HTML/PHP "test.php" page which is to be displayed to the end-user:

<?php
    //javascript source code hiding technique : Philippe PUECH, 2013

    //function thanks to Stackoverflow, slightly modified
    //http://stackoverflow.com/questions/4356289/php-random-string-generator
    function RandomString()
    {
        $characters = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
        $randstring = '';
        for ($i = 0; $i < 10; $i++) 
            {
                $randstring = $randstring.$characters[rand(0, strlen($characters))];
            }
        return $randstring;
    }

    //simple header script to create a copy of your "precious" javascript ".js" file
    $original_filename="functions.js"; //find a better (complicated) name for your file
    $hidden_filename=RandomString().".js";  //temporary filename
    copy($original_filename,$hidden_filename);

?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Catch my Javascript if you can !</title>

</head>

<SCRIPT language="JavaScript" SRC="<?php echo($hidden_filename); ?>"></SCRIPT>

<script type="text/javascript">
</script>

<body onLoad="javascript:testfunc();">
    This is the page with anything you like !
</body>

</html>
<?php
    sleep(1);
    //you can comment following line
    echo "finished !";
    unlink($hidden_filename);
?>

Here is the source for the "functions.js" file which will be hidden to the user.

// JavaScript Document
function testfunc(){
    alert("It works...");
}

However, as told in the comment, the developer tools of the browser will keep the script in memory, and make it still visible to the curious users... ;-((

philippe
  • 1,877
  • 2
  • 20
  • 25
  • This won't work. The source is already visible through the browser's developer tools. This would slow the site down by reducing its cacheability though. – Quentin Apr 04 '13 at 14:38
  • You are right. My trick will only hide the script for the most simple curious. I have edited the original post to show this answer as an alternate way to make a javascript less visible. – philippe Apr 04 '13 at 14:54
  • *Most simple is the one who doesn't know how to open Developer tools :) – MR_AMDEV Nov 13 '18 at 17:12