-3

I'm looking for disable keyboard script to protect hidden content.

Marcel Korpel
  • 21,536
  • 6
  • 60
  • 80
Zam
  • 13
  • 1
  • 1
  • 2
  • 2
    It's trivial to workaround such a 'block' anyway, you know right? It does nothing but look unprofessional. – Arran Feb 04 '13 at 15:42
  • Don't output it if it's hidden. Or do it only if someone meets your Pentagon-like criteria ;) – Moseleyi Feb 04 '13 at 15:44
  • hi.. actually its a content locker. need to complete offer before can see what is it – Zam Feb 04 '13 at 15:46
  • Then output it after the user completed that 'offer'. You don't have any other options. – 11684 Feb 04 '13 at 15:47
  • never think of it, it will make your user very angry and anyone who knows reading can find a workaround for it – AFgone Sep 03 '16 at 08:29

3 Answers3

4

It is not possible. A user will always be able to view your source since he needs to download it in order to render the page.

There are more ways to view source than what you are trying to prevent:

  • Using firebug
  • Using wget
  • Right clicking on content choosing 'view source'
  • Using the menu option
  • Via man in the middle
  • probably more...
mkoryak
  • 57,086
  • 61
  • 201
  • 257
0

This is not very complicated but totally unreliable. Its same with all other Javascript protections.
First the trick (IE incompatible):

function denyKey(event) {
    var code = event.keyCode;  
    if(event.ctrlKey) {
      if(code==85) 
        return false;
    }
}
window.addEventListener("keydown", denyKey);

My code is just scratch, it is not cross-browser. This is where to get keyCodes. I did not put much effort in the code since I want to discourage you from using it.
Once you send data to user, he can read the data unless you encrypt them without giving him the key. This means any:

  1. Javascript authentication
  2. Secret loading pages
  3. Javascript "Wait before download..."
  4. Blocked mouse buttons

..can and will be bypassed by the user.

I have a bookmarklet to unblock mouse buttons for example.

Tomáš Zato
  • 50,171
  • 52
  • 268
  • 778
  • I think you should block the `keypress` event. – Marcel Korpel Feb 04 '13 at 15:52
  • I doesn't matter anyway. Even if it would work everybody can still bypass it. @MarcelKorpel – 11684 Feb 04 '13 at 15:53
  • @ Marcel Korpel - in my browser its keyDown actually. Fixed. – Tomáš Zato Feb 04 '13 at 15:54
  • Beware of **vulnerability of this code** man!!! You can use [AJAX](http://en.wikipedia.org/wiki/Ajax_%28programming%29) to download the source when user is allowed to see it!!! – Tomáš Zato Feb 04 '13 at 15:58
  • okay friend.. i just don't want someone complete offer using outside link/direct link. So i need it to hidden real link because i using iframe code. – Zam Feb 04 '13 at 16:07
  • Oh then you are doing it wrong. In PHP you can read HTTP_REFFERRER header to see, if the user comes from different site. User himself can decide **not to send this header** but for exaple, this header is widely used to prevent hotlinking to downloads. – Tomáš Zato Feb 04 '13 at 16:13
-1

That is not possible, even if it was, it would have been a horrible protection. Even I could write a simple script that fetches the source of an arbitrary page. Everything that the client sees, is 'view source'-able (somebody edit that). Only server-side code is safe. Even if it was only possible to view your page through a real browser (but you can't make it so) you'll probably overlook a accelerator key, or other shortcut. If you don't want the client to see some code, don't give it to him! Keep it server-side (and not in a .txt file, that's accessible too) or don't keep it.

11684
  • 7,356
  • 12
  • 48
  • 71