Protect js code without any obfuscation

Code is below there are two files

  • index.php
  • javascript.php

copy code and save as below filenames , Now your javscript code is not shown in browser…Enjoy

index .php

<?PHP
@session_start(); //Start our session.
if(!isset($_SESSION[‘PrintTheJavaScript’])){ //If the session is not registered (and it’s not).
$_SESSION[‘PrintTheJavaScript’]; //Register the session.
} // End if(@!session_is_registered('Pri…
$_SESSION[“PrintTheJavaScript”] = true; //Set the session value to TRUE.
?>
<html>
<head>
<meta http-equiv=“Content-Type” content=“text/html; charset=windows-1256” />
<title>Hide Javascript Code</title>
<script src=“https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js”></script>
<script language=“javascript” src=“./js/test.js”></script>
<!–Here we call our Javascript page the first time it’ll provide us with our javascript code –>
<script language=“javascript” src=“./js/javascript.php”></script>
<!–
We call the same page again AND THIS IS SECOND PART OF THE TRICK.
because after we called it the first time it will set the session value to FALSE which mean it will print NOTHING
–>
<script language=“javascript” src=“./js/javascript.php”></script>
</head>
<body>
Try to save this page or go straight from your browser to the (javascript.php) page<br>
and see if you can get my javascript code.<br>
YOU’LL NEVER CAN.
<br/><br/>
<a href=“#” onclick=“callme();”>Function Click</a>
</body>
</html>

javascript.php

<?php
@session_start(); //Start our session.
header(“Cache-Control: no-store, no-cache”); //Tell the browser to not cache this page (don’t store it in the internet temp folder).
header(“Content-type: text/javascript”); //Let the browser think that this is a Javascript page.
//If the session value is TRUE that means the client has opened the main page (which creates our session and sets its value to TRUE).
if ($_SESSION[“PrintTheJavaScript”] == true){
//Now we can print our javascript code using PHP’s echo command.
echo ’
// Here is our hidden javascript source.
function callme(){
alert(“javascript hidden code”);
}
$(function(){
alert(“working”);
});
// End of our hidden javascript source.
';
}else{
//If the client tried to open the page straight from the browser (he is trying to see our hidden code).
// Print some fake code or don’t print anything.
}
//Set the session value to false AND THIS IS FIRST PART OF THE TRICK.
//because we are going to call this page again and it’ll print nothing (because $_SESSION[“PrintTheJavaScript”] <> TRUE)
//so even if the client tried to SAVE the page this page will be saved empty.
$_SESSION[“PrintTheJavaScript”] = false;
?>

It was a good effort but you forgot about the developer console which proves it’s not possible to protect your JS source.