0

I design my very own .js file and the file will be import into browser extension to use. One of my friend wanna get the source from me but I don't feel like given my design source code to other, thus I said I would like to share the file to him. But how can I lock the file or encrypt the code, so he is unable to review my source code.

With what I found out here Password Password Folder The result is expected, but the issue is my friend still can open the .bat with editor and review the password to unlock, which is also not very good protection tho.

Expected outcome: Browser extension is still able to read the locked folder. Password is not reviewable from others

Jack Wong
  • 33
  • 6
  • 5
    It is impossible for a browser to render a javascript without the user being able to view the source. By the very nature of client side scripts and browsers allowing users to read them. – Xavier Dec 25 '18 at 11:57
  • Bear with it that in client-side world You cannot hide anything from experienced people. General reason is security conventions by browser vendors. Since code executed on clientside it's not hard to dump running code from memory. Also any obfuscated, uglified code can be deobfuscated, deuglified. – num8er Dec 25 '18 at 12:01
  • @str the password mention was a red herring; the OP did not explicitly state that he was storing passwords on here. His question is akin to DRM techniques, really. – Sébastien Renauld Dec 25 '18 at 12:04

1 Answers1

0

As long as you're providing javascript to somebody else, you're going to run into this problem. The code has to be interpreted, and for this to happen, it needs to be read, in its entirety, by the interpreter.

You need to identify your goal. Is your goal to prevent your friend reading part of the code, or copying the code?

If you're interested in the former, obfuscating or even just uglifying your code might work. The point of obfuscation is to turn readable code into much, much more difficult to decypher code. Somebody with enough time on their hands will still be able to piece things out, however.

If your goal is to prevent somebody from copying the code, you're out of luck overall. Since your interpreter (in this case, the browser) needs the entire code to start interepreting, there is a point in time when all of it is accessible. All it takes is for somebody to get there at the right time...

Since you are writing a browser extension, you may want to look into other means of writing your code. The browser you are targetting may or may not support web assembly (wasm), which would allow you to write the trivial parts of your extension (data entry, validation and the likes) in JS while keeping the core of it written in pure assembly, compiled down from another language (for example, rust). It still is readable by the trained eye, but much more difficult to port back to the original format you wrote it as.

Sébastien Renauld
  • 19,203
  • 2
  • 46
  • 66