View page source

Hi, can I ask about view page source? Is it possible to hide the code of my jQuery? When I view page source I can see all my jQuery script, like submitting the form, sending data to another page via jQuery.ajax, etc., and the user might see all this, and I think it will be prone to hacking. Can you please enlighten my mind?

Thank you in advance.

That’s why it’s better to use PHP for form processing.

It’s not possible to hide client-side code, no. You could make a copy of it and obfuscate it to make it harder to read though.

I use jQuery so that when I am submitting the form it will not refresh the page.

What do you mean by this?

[QUOTE]You could make a copy of it and obfuscate[/QUOTE]

You could if you wanted encrypt the JavaScript like a lot of virus writers and other miscreants do. Or obfuscate the code (write the code that is difficult for humans to understand).

In both cases usually if you feel the need to do either - for major security reasons/concerns - the odds are you shouldn’t be using client-side script in the first place for that specific task.

Like was mentioned all client-side script can be accessed by the browser or visitor so make sure any potential attack surface is minimal.

I think you have your answer jemz, but I wanted to point you at this discussion anyway: http://stackoverflow.com/questions/6869312/how-do-i-hide-javascript-code-in-a-webpage
It makes interesting reading.

There is no need for anyone to hack JavaScript. If the script does something you don’t want to do then you simply turn off JavaScript for that web page. If you want to do something slightly different you add your own JavaScript to the page to override any scripts already in the page.
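What the replies above imply for the form handler, as an added example that is not part of the original thread: since the page's script can be read, switched off or overridden, the server repeats every check and takes identity from its own session. The field names, limits and session shape are assumptions, written in JavaScript for Node; the same logic applies in PHP.

```javascript
// Added example. Field names, limits and the session shape are assumptions.
const ALLOWED_TOPICS = new Set(['sales', 'support', 'billing']);

// rawBody: the urlencoded string jQuery.ajax sends by default.
// session: state the server looked up itself (e.g. from the session cookie).
function handleContactForm(rawBody, session) {
  if (!session || !session.userId) {
    return { status: 401, errors: ['not signed in'] };
  }
  const form = new URLSearchParams(rawBody);
  const email = (form.get('email') || '').trim();
  const topic = form.get('topic') || '';
  const message = (form.get('message') || '').trim();

  // Repeat every check the page's script makes; the script may never have run.
  const errors = [];
  if (!/^[^\s@]{1,64}@[^\s@]{1,255}$/.test(email)) errors.push('email');
  if (!ALLOWED_TOPICS.has(topic)) errors.push('topic');
  if (message.length < 1 || message.length > 2000) errors.push('message');
  if (errors.length) return { status: 422, errors };

  // Identity and role come from the session; userId/role in the body are ignored.
  return {
    status: 200,
    errors: [],
    record: { userId: session.userId, role: session.role, email, topic, message },
  };
}

// Constructed sample inputs.
const SESSION = { userId: 42, role: 'member' };
const AS_SENT_BY_PAGE = 'email=a%40example.com&topic=support&message=Hello';
const EXTRA_FIELDS = AS_SENT_BY_PAGE + '&userId=1&role=admin';
const CHECKS_SKIPPED = 'email=not-an-email&topic=root&message=';

for (const body of [AS_SENT_BY_PAGE, EXTRA_FIELDS, CHECKS_SKIPPED]) {
  console.log(JSON.stringify(handleContactForm(body, SESSION)));
}
```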

That was a good read. What’s this bit doing? That’s the only one I couldn’t tell. It was the post second to last.

//------------------------------
function unloadJS(scriptName) {
  var head = document.getElementsByTagName('head').item(0);
  var js = document.getElementById(scriptName);
  js.parentNode.removeChild(js);
}

//----------------------
function unloadAllJS() {
  var jsArray = new Array();
  jsArray = document.getElementsByTagName('script');
  for (i = 0; i < jsArray.length; i++){
    if (jsArray[i].id){
      unloadJS(jsArray[i].id)
    }else{
      jsArray[i].parentNode.removeChild(jsArray[i]);
    }
  }
}

[QUOTE=EricWatson;5337033]What’s this bit doing?[/QUOTE]

function unloadJS(scriptName) {
  var head = document.getElementsByTagName('head').item(0);
  var js = document.getElementById(scriptName);
  js.parentNode.removeChild(js);
}

If you call unloadJS('myscriptid'); then the script tag containing id="myscriptid" is removed from the current web page. Not sure why the var head line is there as that does nothing. Not sure why the scriptid field is called scriptname.


function unloadAllJS() {
  var jsArray = new Array();
  jsArray = document.getElementsByTagName('script');
  for (i = 0; i < jsArray.length; i++){
    if (jsArray[i].id){
      unloadJS(jsArray[i].id)
    }else{
      jsArray[i].parentNode.removeChild(jsArray[i]);
    }
  }      
}

The var jsArray line does nothing because the next line overwrites it with a nodelist of all the script tags in the page. Since it is a nodelist it is confusing to call it jsArray but then whoever wrote this doesn’t appear all that good at giving variables meaningful names. The loop steps through every second script tag removing them using the first function if the script tag has an id or a one line equivalent if it doesn’t. In this instance the function is misnamed as only the odd numbered entries in the original nodelist get deleted because as each script tag is deleted off the front all the others get moved up (one of the many traps for beginners).

Cleaned up it is hopefully easier to read what it is doing plus reorganising the loop to actually delete every script tag and not just the alternate ones:

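// Remove the single script tag whose id attribute is scriptid.
function unloadJS(scriptid) {
  var js = document.getElementById(scriptid);
  js.parentNode.removeChild(js);
}
// Remove every script tag, working from the end of the nodelist backwards
// so that entries moving up after each removal are not skipped.
function unloadAllJS() {
  var jsnodes = document.getElementsByTagName('script');
  for (var i = jsnodes.length - 1; i >= 0; i--) {
    jsnodes[i].parentNode.removeChild(jsnodes[i]);
  }
}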

or if you really must remove the script tags from the top of the page down then use a while loop instead of a for loop:

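// Remove every script tag from the top down: the nodelist is live,
// so entry 0 is always the next script tag still in the page.
function unloadAllJS() {
  var jsnodes = document.getElementsByTagName('script');
  while (jsnodes.length) {
    jsnodes[0].parentNode.removeChild(jsnodes[0]);
  }
}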
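The three loops from the post above, run side by side as an added example that is not part of the original thread. `makePage` is a constructed stand-in for the live nodelist returned by `document.getElementsByTagName('script')`, so it runs outside a browser; all names in it are assumptions.

```javascript
// Constructed stand-in for a page's live script nodelist (not a real DOM):
// removing an entry shrinks the list at once and moves later entries up.
function makePage(count) {
  const tags = [];
  for (let n = 1; n <= count; n++) tags.push('script' + n);
  const live = {
    get length() { return tags.length; },
    remove(i) { tags.splice(i, 1); },
  };
  return { live, remaining: () => tags.slice() };
}

// Loop as originally posted: counts upwards while the list shrinks.
function forwardLoop(page) {
  for (let i = 0; i < page.live.length; i++) page.live.remove(i);
  return page.remaining();
}

// Rewritten loop: counts downwards, so no entry is skipped.
function reverseLoop(page) {
  for (let i = page.live.length - 1; i >= 0; i--) page.live.remove(i);
  return page.remaining();
}

// Alternative: keep removing entry 0 until the list is empty.
function whileLoop(page) {
  while (page.live.length) page.live.remove(0);
  return page.remaining();
}

console.log('forward:', forwardLoop(makePage(5)));
console.log('reverse:', reverseLoop(makePage(5)));
console.log('while:  ', whileLoop(makePage(5)));
```

With five script tags the forward loop leaves the second and fourth in place, which is why a routine written that way cannot be relied on to clear a page of scripts.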

Lol thanks felgall. What’s it doing in dumbed down talk I guess. How is it hiding the js? Thanks

Any attempt to do this isn’t worth the time of day. I could just turn off JavaScript and see all your scripts. Not that hard either way.

It isn’t hiding the JS - it is removing the JS from the page. Once the above script finishes running there will no longer be any JavaScript attached to the page to run.

Any JavaScript that runs before it gets to the end of the script containing that code will be the only JavaScript in the page that gets to run.

If there is any JavaScript actually embedded into the HTML that calls functions then that code will run up to the point where it calls the function that no longer exists.

In fact on my page http://www.felgall.com/jstip154.htm below the instructions on how to turn JavaScript on and off in the various browsers I have a bookmarklet script and a userscript available that use the exact same while loop as I rewrote above to disable JavaScript in the web page as examples of how you can use JavaScript to selectively disable JavaScript in browsers that don’t make it easy to do it selectively using the browser options. (only just remembered that page was there).

Hi felgall, where should I put those functions that you wrote? By the way, after it finishes removing the scripts in the page, will my page still function?

Thank you in advance.

The instructions on how to attach the scripts to your browser are in that web page - it varies depending on which browser you are using.

After the script runs the page will function exactly as if JavaScript were disabled but with any scripts that run during the load having already run (which wouldn’t have happened if JavaScript actually were disabled).