1

My understanding was that only the javascript code placed inline in the HTML page would show, never the code stored in .js files

...and I had never seen in any browser code in a .js file show on the clientside...
until I started to use Chrome and noticed all my code is available for viewing???

  1. Have I been convincing myself the code is safe in .js files, when in fact it never was?

  2. and while on this subject can a responder be totally clear whether the code in .js files can be hidden or not. I have read many posts that left me doubting whether it can be done or not.

. Some say to place it in a .js file on the server so it executes on the server...
--- using 'language=javascript' and an html line with 'runat server'? no idea how to do that.
--- But, would that not defeat the purpose of speed, and refresh since the server has to be accessed?
--- might as well code it in the code-behind???(C#, VB, php, ...)

. Some say use an AJAX call etc... but it seems others contradict that, saying the code lands on the clientside anyway thus will show? ...and I am assuming this would be a callback with no page redraw...

Mogsdad
  • 44,709
  • 21
  • 151
  • 275
Nic Martel
  • 21
  • 2
  • Its a helpful feature of the developer tools, If the browser can see a file, so can anyone - just by copy/pasting the src url of the .js's script element – Alex K. Aug 08 '11 at 12:24
  • 1
    JavaScript runs on the client. How did you expect the client to run the code without having it? – R. Martinho Fernandes Aug 08 '11 at 12:24
  • Martinho... touche, but 'having it' did not forcefully mean the browser would handle the inline code the same way as the .js when it concerns showing it. – Nic Martel Aug 08 '11 at 12:57
  • I got answers faster than I could update my post... THANK YOU ALL for kicking in... SEE MY COMMENTS IN 'GNi33' answer(1st answer) – Nic Martel Aug 08 '11 at 13:15

3 Answers3

4

JavaScript is executed in the browser, this means the script has to be submitted to the client. So, of course anyone can view the code, wether it's happening in the developer tools, getting the direct link out of your html or, for example, using a http sniffer.

Altough, there are some methods to make the script unreadable for humans. Minifying your script is a good practice in general. It decreases file-size, so the client has to download less, speeding up loading time. After all, this does not really help making your script "unreadable" for users, there are a lot of deminifying services all around the web.

Still, there is another way: obscurifying (or obfuscate) your script. This replaces the code to make it unreadable. Unfortunately, I don't really have experience with using this technique, so I don't know how it would affect the performance of the js-code.

Maybe you want to have a look at this: How can I obfuscate (protect) JavaScript?

Community
  • 1
  • 1
GNi33
  • 4,459
  • 2
  • 31
  • 44
  • mnifying is nothing but a lint type process, thus useless in this case. Obfuscation is useless also, as it will not stop a deternmined attack – Nic Martel Aug 08 '11 at 12:59
  • keep in mind that weighing the time and trouble one must go thru to playing the partial hiding games with files that are nicely formatted to code effectively and files that are whacked to a long continuous string is not worth the effort unless the code is guaranteed hidden. – Nic Martel Aug 08 '11 at 13:07
  • THUS, to simplify the answer for any other inquirer: NO, clientside code(javascript or other) CANNOT BE HIDDEN. end of debate... – Nic Martel Aug 08 '11 at 13:09
0

Javascript code can be seen even if its in a .js file the only thing you can do to make it little tough to understand is minify the js file.

sushil bharwani
  • 29,685
  • 30
  • 94
  • 128
0

Actually, javascript code stored in a separated file wont be shown directly; the user must explicitly type the name of the file in the address bar to see its content.

The only way to hide it is, as said before, to minify the file, which compress the file and make it unreadable for humans.

gobes
  • 507
  • 7
  • 25
  • your first statement is not correct, the browser tools show full code. so is your second, minifying does not make it unreadable for humans, only a bit more difficult to parse it – Nic Martel Aug 08 '11 at 13:31
  • Sure, if you use a tool you'll see it; but there is no tool mentionned in the question... And I was wrong about minifying, that's true :) – gobes Aug 08 '11 at 14:04