3

How do I hide my javascript/jquery scripts from html page (from view source on right click)? please give suggestion to achive this .

Thanks.

Shaitender Singh
  • 2,157
  • 5
  • 22
  • 35

6 Answers6

10

You can't hide the code, JavaScript is interpreted on the browser. The browser must parse and execute the code.

You may want to obfuscate/minify your code.

Recommended resources:

Keep in mind, the goal of JavaScript minification reduce the code download size by removing comments and unnecessary whitespaces from your code, obfuscation also makes minification, but identifier names are changed, making your code much more harder to understand, but at the end obfuscation gives you only a false illusion of privacy.

Christian C. Salvadó
  • 807,428
  • 183
  • 922
  • 838
  • this answer is much more fair than the winner one. is just it: you can not hide the code, web tools are able to see anyhow the scripts because at least one they are downloaded and executed. This was what i was looking for. thanks – LMG Mar 23 '14 at 13:57
8

Your best bet is to either immediately delete the script tags after the dom tree is loaded, or dynamically create the script tag in your javascript.

Either way, if someone wants to use the Web developer tool or Firebug they will still see the javascript. If it is in the browser it will be seen.

One advantage of dynamically creating the script tag you will not load the javascript if javascript is turned off.

If I turned off the javascript I could still see all in the html, as you won't have been able to delete the script tags.

Update: If you put in <script src='...' /> then you won't see the javascript but you do see the javascript file url, so it is just a matter of pasting that into the address bar and you d/l the javascript. If you dynamically delete the script tags it will still be in the View Source source, but not in firebug's html source, and if you dynamically create the tag then firebug can see it but not in View Source.

Unfortunately, as I mentioned Firebug can always see the javascript, so it isn't hidden from there.

The only one I haven't tried, so I don't know what would happen is if you d/l the javascript as an ajax call and then 'exec' is used on that, to run it. I don't know if that would show up anywhere.

James Black
  • 41,583
  • 10
  • 86
  • 166
  • 1
    I am curious about the downvote, as dynamically generated means it won't show up in 'View Source', which was the question. – James Black Oct 27 '09 at 04:44
  • I didn't downvote you, but to add, it will display in Firefox's right click 'View selection source' – alex Oct 27 '09 at 04:57
  • Wasn't me, but the same effect happens if you just include the – Daren Schwenke Oct 27 '09 at 04:58
  • @alex - I haven't tried 'view selection source', but the view source was fooled, if I remember. I was playing with this 3 yrs ago, but it is pretty pointless to do it now, so I don't play with it. And I point out that my solutions are perfect, but they are the best approaches I have found. – James Black Oct 27 '09 at 05:00
  • @Daren Schwenke - I just tested in IE8 with view source and the script tags in the head I see just fine. – James Black Oct 27 '09 at 05:02
  • Tags yes. The javascript, no. – Daren Schwenke Oct 27 '09 at 05:13
  • I downvoted you because deleting the script tag dynamically does nothing to "View source", and adding the script tag dynamically means that anyone who wants to find the source can just use Firebug, or inspect the code that dynamically loads to find out what it's loading, which protects nothing. As Daren points out, you get the same effect with ` – Brian Campbell Oct 27 '09 at 05:30
4

It's virtually impossible. If someone want's your source, and you include it in a page, they will get it.

You can try trapping right click and all sorts of other hokey ways, but in the end if you are running it, anyone with Firefox and a 100k download (firebug) can look at it.

Daren Schwenke
  • 5,428
  • 3
  • 29
  • 34
4

You can't, sorry. No matter what you do, even if you could keep people from being able to view source, users can alway use curl or any similar tool to access the JavaScript manually.

Try a JavaScript minifier or obfuscator if you want to make it harder for people to read your code. A minifier is a good idea anyhow, since it will make your download smaller and your page load faster. An obfuscator might provide a little bit more obfuscation, but probably isn't worth it in the end.

Brian Campbell
  • 322,767
  • 57
  • 360
  • 340
3

Firebug can show obfuscation, and curl can get removed dom elements, while checking referrers can be faked.

The morale? Why try to even hide javascript? Include a short copyright notice and author information. If you want to hide it so an, say, authentication system cannot be hacked, consider strengthening the server-side so there are no open holes in server that are closed merely though javascript. Headers, and requests can easily be faked through curl or other tools.

If you really want to hide the javascript... don't use javascript. Use a complied langage of sorts (java applets, flash, activex) etc. (I wouldn't do this though, because it is not a very good option compared to native javascript).

CodeJoust
  • 3,760
  • 21
  • 23
1

Not possible.

If you just want to hide you business logic from user and not the manipulation of html controls of client side than you can use server side programming with ajax.

Ramesh Soni
  • 15,867
  • 28
  • 93
  • 113