Hi,
I have some pages that uses a page like header.asp. I put the following javascript in there in the head section to disable right-clicking on the pages:
<script language=“javascript” type=“text/javascript”>
var message=“Not Allowed!”
function click(e) {
if (document.all) {
if (event.button == 2) {
alert(message);
return false;
}
}
if (document.layers) {
if (e.which == 3) {
alert(message);
return false;
}
}
}
if (document.layers) {
document.captureEvents(Event.MOUSEDOWN);
}
document.onmousedown=click;
}
</script>
It doesn’t work. If I individually put it on a page, that works.
How can I achieve this without doing it on each page?
And any better code for this?
Thanks.
As I mentioned, we don’t show the address bar/menus/tools on the application window.
So no question of going to File menu.
And good point, we’ll disable the ctrl+p as well.
^ I have to agree. My intuition tells me that legitimate visitors will be annoyed by a site attempting to hijack their browser and the script-kiddies will see it as a challenge.
In my experience I know of only one guaranteed way to prevent content theft and its so extreme I doubt many do it though there’s no way to tell for sure.
Did you go into the browser settings and disable the option for that code to run. That is disabled by default in Opera and so any attempt to override access to the context menu is automatically blocked in that browser unless the browser owner gives permission.
All you are doing by placing these blocks on your site is to drive away legitimate visitors and encourage newbie thieves into stealing your content just so they can demonstrate how “clever” they are because they know how to bypass your ability to block their use of their own computer. Their simplest way assuming their browser doesn’t have the options you are trying to use turned off in the first place is to simply click the button in their browser that turns off JavaScript on your page.
Continue the way you are going and soon the only visitors you will have are those wanting to steal your content just because they can. All your legitimate visitors will have gone elsewhere where they don’t have to put up with such stupidity.
I haven’t seen a website yet that can stop me from copying whatever I like from my browser window.
As a last resort, I can just maximise the browser window (to get maximum resolution) and then press the PrtScrn key on my keyboard.
I then create a new file in Photoshop from what has been copied to my clipboard (from PrtScrn) and I can then do whatever I like with what I copied from the browser window.
You cannot disable the PrtScrn key on a user’s keyboard.
Hi,
I found if I put oncontextmenu=‘return false;’ in the body tag, it works. I tested in IE and Firefox.
My goal is to disable it in an application so users can’t go for a quick print. The address bar, toolbars are already hidden. Even though one can still get through these, but you know, restrict it as much as possible.
Thanks for your feed backs.
You don’t even need to do that in most browsers because most browsers have a separate option for whether or not to allow pages to do that and most of those have it disabled. With those browsers you can easily have it run all the JavaScript but ignore the code that attempts to disable rightclick.
For the one browser that doesn’t have that option you can add your own option to your browser to re-enable it again whenever a page disables it - see http://javascript.about.com/library/blright.htm
You can disable right-click using javascript but that can be easily by-passed by switching javacript off in the browser.
If you are looking to stop users from viewing your source code or copying your web page images, then that can’t be done.
Even with right-click disabled, all I would have to do is select View->Source from the browser menu (and that you definitely can’t stop) or take a screen dump of the screen by pressing the PrtScrn key on my keypad (and you can’t disable that either) and saving the page’s image in Photoshop.
You should remember - once something appears in a user’s browser, it is there to be copied if someone wants to and you simply cannot stop it. As a last resort anyone can just press their PrtScrn keypad key.
Okay so some new information - so this is for an intranet/extranet and not the internet and so you CAN apply the security settings that you require. (this statement of yours is the most important fact in connection with what you are trying to do and you didn’t mention it until now and so you got the answers that relate to the 99.99999% of people who ask about doing this on the internet instead of the answers that are completely different and apply specifically to intranets/extranets).
What you are trying to do will be easier if you restrict access to just Internet Explorer and block Firefox since IE is the only browser that can actually be tested for plus it is the only browser where you have the ability to encrypt the web page so that people can’t view the source (you have to use the special encryptor that only Internet Explorer can decode as otherwise anyone can use a different browser to decrypt it). If you give access to Firefox then you can’t ensure that the person has the menus and toolbars turned off since that facility is off by default and you can’t stop someone loading a different browser and using that to bypass all your protection. Using the IE encryption option will make the page unviewable in any browser except IE with JScript enabled and you can therefore apply the security settings you want in IE in the knowledge that they can’t be bypassed by switching to a different browser.
The only disadvantage of the JScript encoder is that it doesn’t work on Vista or Windows 7 and so your users would also need to be running XP or earlier to be able to view the pages - see http://msdn.microsoft.com/en-us/library/d14c8zsc(VS.85).aspx
If your user group is not running IE on XP or earlier (where the IE encryptor can be used) then the only way you can actually block them from anything is to apply the blocks within their operating system itself.
Thanks for your concern and advice.
But I am afraid you guys do not have enough information to jump to the conclusion you have reached.
“All you are doing by placing these blocks on your site is to drive away legitimate visitors and encourage newbie thieves into stealing your content just so they can demonstrate how “clever” they are because they know how to bypass your ability to block their use of their own computer”
Well this application is not for just any visitors from any place. We have a specific, small group of users. This is not a site open to public. So - please stop worrying about this. Think - why would we remove the address bar/menu/tools from the top, if we were expecting general visitors from everywhere?
“Did you go into the browser settings and disable the option for that code to run. That is disabled by default in Opera…”
Forget about Opera. Since this is not open to everybody, application users are allowed only to use the great great IE and the semi-great FireFox (The first and The second, not there after). Plus, these guys are not technical like you are. We know most of them don’t know how to change the settings. So, this is just a way to block them from quick print, as our client likes.
“Continue the way you are going and soon the only visitors you will have are those wanting to steal your content just because they can. All your legitimate visitors will have gone elsewhere where they don’t have to put up with such stupidity.”
Really did not expect such arrogant and offensive comment from a senior person like you. You might have great experience and knowledge and I am just at the beginning of the tunnel, but knowledge supposed to make a person wiser. Not arrogant.
