I am currently using a javaFX WebView to "protect" my webapp's javascript code (separate URL) from easy access. I am aware that the WebEngine loads the HTML content from the URL and processes it.
Is the HTML content loaded in-memory or is it cached somewhere first before retrieval?
Thank you very much in advance!
The default WebView implementation in JavaFX 8 does not cache data it retrieves to disk. Though, as there is an open request for this feature, JDK-8014501 JavaFX WebView component to use internal cache, I wouldn't recommend on relying on this always being the case.
Anyway, it's client code, you can't really "protect' it. Somebody on the client machine could always install a proxy or network tracing tool on the client and intercept the traffic (even https traffic) to view your "protected" JavaScript files in clear text. You can obfuscate the JavaScript code to make it harder for somebody who does this to understand the code. You are really just trying to implement security through obscurity. My advice is to not worry about somebody accessing your JavaScript code - assume that, whatever you do, somebody could deobfuscate it, view it and understand it. If there is anything extremely sensitive about the code that you don't want exposed, then run the code on the server, not a client.
