-1

I have an AJAX code that update a PHP page and I want to hide the AJAX code so the users when view source of the page don't show for them the AJAX code so How can I do it? This is my AJAX code

<script type="text/javascript">
function Ajax(){
var xmlHttp;
    try{    
        xmlHttp=new XMLHttpRequest();
    }
    catch (e){
        try{
            xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
        }
        catch (e){
            try{
                xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
            }
            catch (e){
                alert("Oops!");
                return false;
            }
        }
    }

xmlHttp.onreadystatechange=function(){
    if(xmlHttp.readyState==4){
        document.getElementById('ReloadThis').innerHTML=xmlHttp.responseText;
        setTimeout('Ajax()',2000);
    }
}
xmlHttp.open("GET","reload.php",true);
xmlHttp.send(null);
}

window.onload=function(){
    setTimeout('Ajax()',2000);
}
</script>

So how cna I hide this code from view source?

Klaus Jasper
  • 89
  • 1
  • 3
  • 9
  • Short answer: you can't. Everything downloaded to a clients machine is also visible to the client. – Teemu Jul 04 '13 at 07:42
  • 1
    This has been asked and answered *repeatedly*. The first four hits on A Famous Search Engine are all SO: http://stackoverflow.com/questions/2222355/how-to-hide-javascript-code, http://stackoverflow.com/questions/6869312/how-do-i-hide-javascript-code-in-a-webpage, http://stackoverflow.com/questions/11960168/ways-to-hide-html5-javascript-code, http://stackoverflow.com/questions/1020368/how-to-hide-or-encrypt-javascript-code – T.J. Crowder Jul 04 '13 at 07:42
  • Best bet would be to use a compiler/optimiser/uglyfier to make things harder for people to read but still would be doable... Plus, why do you want to hide that? It's nothing important – Salketer Jul 04 '13 at 07:43
  • 1
    you can hide partial javascript code injecting with ajax and a server language like php.The php file contains the javascript and get's only executed if the requests are ok.ajax injects the javascript and that is hard to find... – cocco Jul 04 '13 at 09:03
  • i was about to post how i would do but they closed the question... – cocco Jul 04 '13 at 09:28
  • Injecting the javascript code makes it hard to find only for casual users browsing the source code. A determined user will have the tools to discover the code easily. – kgiannakakis Jul 04 '13 at 09:58
  • http://stackoverflow.com/a/17468822/2450730 – cocco Jul 04 '13 at 11:27

2 Answers2

2

You can't hide the code. You can move it to a separate js file, but still a user will be able to see it. A solution would be to obfuscate it. See this question.

Community
  • 1
  • 1
kgiannakakis
  • 103,016
  • 27
  • 158
  • 194
  • if I move it to a seperate JS file can I make that file can't be accessed by the user? – Klaus Jasper Jul 04 '13 at 07:55
  • No this is impossible. Javascript is client code and needs to be present at the user's machine. The only solution is to obfuscate it. Or to move the functionality to the server. – kgiannakakis Jul 04 '13 at 09:57
0

No you can't hide it in the literal sense (obfuscation is not literal hiding - and the URL has to be at some point cleartext, even if it is generated) The question is not, whether you could hide the code or not, but: Why would you do that? Hiding something is no security mechanism.

Thomas Junk
  • 5,588
  • 2
  • 30
  • 43