0

i found articles how to mask a normal url <a href="... by frame or iframe for example but did not find how to mask script or link tag sources in my HTML page. For example, if i do not want to show and redirect visitors to my files when clicking on <script src="http://www.example.com/the-file-to-hide.js type='text/javascript'/> or <link href='http://www.example.com/the-file-to-hide.css' rel='stylesheet' type='text/css'/>.

The source or link should look like : src="the-file-to-hide.js" and when it is clicked, the url does not direct anyone to the file but the script or stylesheet file will not have a problem to execute on my website.

Thanks for your answers in advance !

Igor Laszlo
  • 714
  • 9
  • 31
  • you may also want to dissallow direct access to these files using something like http://stackoverflow.com/questions/10236717/htaccess-how-to-prevent-a-file-from-direct-url-access – Sharky May 09 '14 at 16:04
  • If the browser can see your .js then so can the user. You may be able to use .htaccess rules to prevent users going directly to the file but that won't stop them viewing the source via developer tools. – Moob May 09 '14 at 16:09
  • @Sharky : so, i found a code `RewriteEngine on RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC] RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC] RewriteRule \.(gif|jpg)$ - [F]` but what is this code ? where to install ? And how do i have to rewrite the code for my website ? – Igor Laszlo May 09 '14 at 16:24

1 Answers1

0

HTML:

<a href="the-file-to-hide.js" class="blocked">Run script</a>

JS:

function blocker(e){
    e.preventDefault();
}
var els = document.getElementsByClassName("blocked");
for(var i=0, l=els.length; i<l; ++i)
    els[i].addEventListener('click', blocker, false);
Oriol
  • 274,082
  • 63
  • 437
  • 513
  • thanks for your answer... is it possible to give a class to the script tag too ? Like ` – Igor Laszlo May 09 '14 at 16:26
  • @IgorLaszlo ` – Oriol May 09 '14 at 16:34
  • when you go to code source of the page, of course, you can see the codes in the script tags too. However, i already saw web-pages of which the script sources have shown short links and i do not remember exactly what happened at click but or it redirected to a forbidden page or did not redirect anywhere (not clickable), so you never could get the address of the script... – Igor Laszlo May 09 '14 at 16:42
  • @IgorLaszlo So basically you want to run a script but don't want others access its code. **This is IMPOSSIBLE**. JavaScript runs client side, and clients have **full-control** over their machines, so they can see the code they run. – Oriol May 09 '14 at 16:54
  • maybe the experts will be able to acceed to the scripts, i can not say the opposite as i am not an expert but what can be done, i wrote it in my previous comment can be done as i saw by myself and it will be enough for not expert visitors... anyway, if very professionals can acceed to the scripts in spite of the masked links, i do not think they need my scripts who are not so complicated...:) – Igor Laszlo May 09 '14 at 17:13
  • @IgorLaszlo Well it's not needed to be an expert, on Firefox you can open Debugger (Ctrl+Shift+S) and you will see all scripts listed. And it even has a Prettify tool which makes unreadable code readable. – Oriol May 09 '14 at 17:27
  • ok, i see... * and is there NO WAY to prevent Firefox Debugger or Firebug to show the scripts ? * anyway, the question is still valid, how can i show source links or links to show shortly and not clickable ? – Igor Laszlo May 09 '14 at 17:48
  • No, you can't avoid users from using its browser developer tools. – Oriol May 09 '14 at 17:52
  • In this case, does an encrypted script exist to add an obligatory attribution link to the website ? – Igor Laszlo May 09 '14 at 19:59