0

In developer mode, I can see java script code used in the installed apps and extensions. Is it possible to prevent resources within apps and extensions from being inspected by the others?

Thank you!

KaBa
  • 285
  • 3
  • 16
  • possible duplicate of [How to hide or encrypt javascript code?](http://stackoverflow.com/questions/1020368/how-to-hide-or-encrypt-javascript-code) – CD.. Mar 01 '15 at 18:01
  • @KaBa do you mind accepting this answer if it worked for you? Thanks! – peterdotjs Mar 09 '15 at 16:32
  • @peterdotjs Thanks for your answer Peter. Actually, eval() and similar ways are not supported in app's background script to run other code. – KaBa Mar 09 '15 at 22:03
  • @KaBa is there a reason you need to use `eval`? Generally it is very dangerous to use it. – peterdotjs Mar 09 '15 at 22:28
  • @peterdotjs I need to hide my scripts. Is there anyway to call a hidden script from background script? – KaBa Mar 10 '15 at 09:31
  • @KaBa what do you mean by "hidden"? As we have covered, you CAN'T hide anything from client side. If you put anything in your content script, background script, popup, etc it CAN and SHOULD be able to be inspected per SECURITY and safety reasons. Can you explain what your use case is? I'm assuming and hoping that it is nothing malicious. – peterdotjs Mar 10 '15 at 15:27
  • @peterdotjs you said : "If you would like to hide and prevent inspection, you must put it server side." . Could you please show me how I can run my downloaded javascripts(my original question talks about scripts as well) as we do in normal web-pages? It is not malicious script. – KaBa Mar 11 '15 at 17:51
  • @KaBa What I meant by that is simply anything that is downloaded onto the client (extensions or apps) will have files stored on the client (desktop, laptop, etc.) All these files are visible. If you have a `server` doing some logic, serving pages, handling REST calls, etc all this logic and all these server side files will be hidden the end user. – peterdotjs Mar 12 '15 at 04:05

1 Answers1

1

In general any client side code (living in the browser) cannot be hidden from inspection. For chrome extensions specifically all resources/source code will actually be local on the client file system.

For example, on Mac the extension files will all be unpacked here:

~/Library/Application Support/Google/Chrome/Default/Extension

If you would like to hide and prevent inspection, you must put it server side.

Hope this helps, Peter

peterdotjs
  • 1,526
  • 1
  • 13
  • 19