How can I hide a script src?

Question

I host a website, and I need to hide a script src. For example, script src="main.js" would need to be script src="main.js" but it would be unclickable. I realize this isn't the most well phrased question, but how can I keep the user from seeing the JavaScript?

4

You can't. Don't bother. – John Conde Mar 30 '14 at 20:03

score 0 · Accepted Answer · answered Mar 30 '14 at 20:07

0

You can't present JavaScript to the browser and then hide it from the user; it's just not possible. The best you can do is obfuscate it and make it difficult for the casual observer to decipher, however it won't stop a determined user from de-obfuscating it.

answered Mar 30 '14 at 20:07

j08691

204,283
31
260
272

I settled on this. Soon after posting the question, I looked [here](http://stackoverflow.com/questions/194397/how-can-i-obfuscate-javascript), and found [this](http://www.javascriptobfuscator.com/default.aspx), which I suppose will work. Thanks for the reply! – redacted Mar 30 '14 at 20:19

score 0 · Answer 2 · answered May 27 '17 at 06:32

I found a node.js npm plugin that can hide any src="*" & href + content https://www.npmjs.com/package/location-hide

This works also for php href, src, content it will use everything inside src=""

You need only node.js for creating the exported files. It´s easy to use even if you don´t know node.js. You can watch youtube guides for installing and using node.js If you create enviroment 1 time you can load cool stuff with npm

It turns

<script src="test/folder/sample.js" type="text/javascript"></script>  
<link href="test/stylesheet/perfect-scrollbar.css" rel="stylesheet">

into

<script src="TNANIuTOLZfmLYwaPDIYhcZDVOWKodqYhysaTeQHFPDhYlDLCOtxZqYmkKAhaSwSgbsYOWlpBzVSBtMZKSfwRqvPSqWVlBBuzHR" type="text/javascript"></script>  
<link href="gyXeFnOEvZbgTjLvdZRnsyrfhaXqffkDjcdATTouqpIenCalLRXKamuXEtiKbPGCsNrdQIaqTMTNWsLyLFuxygKytaruWzSjKYMq" rel="stylesheet">

And it generate new jquery include codes like this to include your scripts with javascript in a external file

$('[src=\'TNANIuTOLZfmLYwaPDIYhcZDVOWKodqYhysaTeQHFPDhYlDLCOtxZqYmkKAhaSwSgbsYOWlpBzVSBtMZKSfwRqvPSqWVlBBuzHR\']').attr("src", "test/folder/sample.js")  
$('[href=\'gyXeFnOEvZbgTjLvdZRnsyrfhaXqffkDjcdATTouqpIenCalLRXKamuXEtiKbPGCsNrdQIaqTMTNWsLyLFuxygKytaruWzSjKYMq\']').attr("src", "test/stylesheet/perfect-scrollbar.css")

Also I would suggest you that you include all of your external javascript codes in 1 single js file. This file you place in the root of your index file that you can make this

<script src="./allinone_external_file.js" type="text/javascript"></script>

Then make right htaccess that nobody can acces this file. You can also make a fake import script for the source code that every body can see. But this file is only a redirect for the real external js file. you make this multiple times as example + use other obfuscation tools. This will protect you from people searching exploits with your javascript codes. I know its no big deal and maybe you can see the jquery include codes if you know how. But anyway its a great protection.

How can I hide a script src?

2 Answers2