1

I am learning html5/css3/javascript.

But I have found that the samples on the web disclose their source codes.

Does this mean html5/javascript can not protect source codes?

Welcome any comments.

Sparky
  • 98,165
  • 25
  • 199
  • 285
monsabre
  • 2,099
  • 3
  • 29
  • 48

3 Answers3

11

All of those (HTML, CSS, JavaScript) work on the client side, always have, they are part of the presentation layer and the web browsers have always been capable of displaying the source code for what's presented to the user.

So no, you can't have closed-source projects that are solely based upon HTML, CSS and/or JavaScript

bevacqua
  • 47,502
  • 56
  • 171
  • 285
  • Yes, but for the JavaScript part, there is obfuscation, I mean it will give the guy who wants to get your code a bit of a headache, and then there's https://jscrambler.com/ :). It will give medium headaches and big headaches less knowlegeable guys. Anyhow, with enough desire and determination you could do it anyways, but it depends what do you want to protect. – Arthur Kovacs Apr 04 '14 at 21:36
  • Now, protecting CSS and HTML seems plain ... wrong. – Arthur Kovacs Apr 04 '14 at 21:37
  • Another good option is to inject at runtime bits of business logic into application, those will be harder to get. – Arthur Kovacs Apr 04 '14 at 21:45
1

You can't really protect JavaScript since it has be run by the browser.

There are tools to obfuscate JavaScript but it's trivial to reverse the process.

Peter
  • 6,354
  • 1
  • 31
  • 29
0

One of the things that really irritates me about JavaScript is the fact that it is non-compiled. One way you can help combat this is by using a minifier before you deploy your source. Here is a good one for CSS and Javascript: http://aspnet.codeplex.com/releases/view/40584

Another way you can manipulate the Document Object Model (DOM) without using Javascript is the use Silverlight/Flash or a Java/DOM API like: http://www-archive.mozilla.org/projects/blackwood/dom/

You can also try using an obfuscator but usually minification does a fair job of obfuscation. Please don't rely on JavaScript to enforce secuity for your site since Javascript can be easily hacked. It is okay to use JavaScript to help the user find his/her way, but all client side Javascript validation must be followed up with Server Side validation.

Shawn Eary
  • 684
  • 2
  • 7
  • 21
  • How does minification help *combat* non-compilation? – Phil May 27 '11 at 02:43
  • Minification reduces code size and slightly enhances security by making the JavaScript harder to read. – Shawn Eary May 27 '11 at 02:47
  • @Shawn Minifiers have nothing to do with obfuscation, they are intended to reduce file size – bevacqua May 27 '11 at 02:48
  • @nico I must be mistaken because I really thought that keparo recommended YUI Compressor here (much to his benefit...): http://stackoverflow.com/questions/194397/how-can-i-obfuscate-javascript – Shawn Eary May 27 '11 at 02:57
  • @Shawn I meant it in the sense that security through obscurity is pretty much obsolete, since if the user really wants to find out what is in there, he in all likelihood will. – bevacqua May 27 '11 at 03:00
  • @nico I suppose you are right in stating that obfuscation is no match for a true hacker. Thank you for this enlightenment. – Shawn Eary May 27 '11 at 03:05