Is it possible to hide include part in view source of html

Question

I have searched many on this forum to hide some information in view source like script include and css, I didn't find any working solution

this is what I am doing in my php script

     <html>
           <head><?php include('mylibrary/my_include.php');?></head>

        <body>
             <div></div>
        </body>

     </html>

in view source I am getting like this

<html>
     <head>
      <!-- My function -->
      <script type='text/javascript' src='Library/My_fun.js'></script>

      <!-- Index -->
      <link type="text/css" rel="stylesheet" href="Index/Index.css" />
      <link type="text/css" rel="stylesheet"  href="JS/jquery-ui.css" />
     </head>

     <body>
        <div></div>
     </body>

</html>

I would like to hide js and css in view source which are in 'mylibrary/my_include.php', Is it possible to do so ? or any alternate solution displaying only following in viewsource or any other

     <head><?php include('mylibrary/my_include.php');?></head>

No, not really. You can obfuscate it using javascript, but there will always be a way to decode it. — Gerald Schneider, Mar 25 '14 at 14:38
I am worried because if I show this info third person can easily download from `curl` or `wget` from server — user3304642, Mar 25 '14 at 14:40
Impossible. You can't hide JS, CSS and HTML. It's client-side scripting. — Nick, Mar 25 '14 at 14:40
If you use JavaScript to load your css/javascript after the request is returned from the server, the dynamically added resources would not show in `view source`. So, you *could* hide it from `view source`, but the user would still be able to see/access any client side code by using the browsers developer tools, etc. — matthewpavkov, Mar 25 '14 at 14:42

score 5 · Answer 1 · answered Mar 25 '14 at 14:39

5

No.

You can't give something to the browser without giving it to the user. The user controls the browser, you do not.

answered Mar 25 '14 at 14:39

Quentin

914,110
126
1,211
1,335

Yair Nevet · Accepted Answer · 2014-03-25T14:44:36.583

I would like to hide js and css in view source which are in 'mylibrary/my_include.php', Is it possible to do so ? or any alternate solution displaying only following in viewsource or any other

No, it is impossible to render your page without these references due to the fact using these references, the web browser knows from where to download, parse and load your resources (css, js).

But:

You can obscure/compress/minify your JS & CSS files in such a way that it would be very hard for the users to identify it correctly.

UPDATE:

Per the OP request, here is how to compress resource files: http://refresh-sf.com/yui/

+1 okay How can I compress or minify it, if you have time please give one small demo — user3304642, Mar 25 '14 at 14:47

score 3 · Answer 3 · answered Mar 25 '14 at 14:40

3

This is not possible. The browser needs to see it. Thus, the user is able to see it too.

There are methods you could use like obfuscating, disabling right clicks, etc., but these only work to prevent a small number of users from viewing it.

answered Mar 25 '14 at 14:40

Anonymous

11,748
6
35
57

4

Write all your content in Latin. – Quentin Mar 25 '14 at 14:47
@Peter You would obfuscate the code or disable right clicks like I said. – Anonymous Mar 25 '14 at 15:27
I don't know how to disable righclick please help – user3304642 Mar 25 '14 at 15:39
Don't disable right click. It is very ineffective and highly annoying. – Quentin Mar 25 '14 at 15:40
@Peter You can look here: http://stackoverflow.com/questions/737022/how-do-i-disable-right-click-on-my-web-page but as Quentin said, there is pretty much no point to it. – Anonymous Mar 25 '14 at 16:11

score 2 · Answer 4 · answered Mar 25 '14 at 14:38

2

You can not hide the source html / javascript as they are run on client. You can obfuscate at max still one would be able to get to the source.

answered Mar 25 '14 at 14:38

Adil

146,340
25
209
204

score 2 · Answer 5 · answered Mar 25 '14 at 14:41

2

Yo'll have to switch to some kind of compiled application, like one in C++ instead of web application if you want to avoid people reading your sources.

answered Mar 25 '14 at 14:41

Oscar

13,594
8
47
75

@Peter I don't understand what do you mean with "demo".. I can point you to an article where you can explore the possibilities of decompiling native C code, if that helps.. http://www.codeproject.com/Articles/4210/C-Reverse-Disassembly – Oscar Mar 25 '14 at 15:15
I don't know how to use it so I asked for demo – user3304642 Mar 25 '14 at 15:41
What I'm saying is that if you want to make almost impossible to reverse engineer your code, you need to change the way you distribute your application, making it a desktop application rather than a web one. I can't give you a demo of a native C++ application, there are hundreds of sites . Other option is to remove the relevant part from the JS and execute it at the server side instead of client side. – Oscar Mar 25 '14 at 16:15

Is it possible to hide include part in view source of html

5 Answers5