I am trying to reverse engineer some javascript code and am struggling to see how things are working.
In order to get a better feel for this I would like to add some console.log() statements and watch a few variables so that I could see what is going on as the code gets executed.
Is there a way to force my page locally to load javascript from my box instead of from the externally hosted site? I essentially want to modify the script and load my modified version when this external page tries to call whatever functions it needs to go through.
I was thinking maybe modify the hosts file so that when my browser goes to look for the external site it redirects to some kind of internal host? I am not quite sure exactly how to do it. If someone could point me in the right direction I would really appreciate it.
Thanks!
Related
i have seen answers to similar questions. but, not quite what i want to know. if i make an external javascript file. then, on the client side, when the client loads the HTML, all they see is a link to the external javascript file. like this:
<script src="myScript.js"></script>
they never see the source code.
i don't get all this talk about obfuscation & minification. best way is just make an external file. then, without hacking into the server to download the source, they will only get machine code.
They can still follow the link to get the file directly.
Just display the source of this (this question) page, you can see
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
but you can still simply open https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js to see the source.
Even obfuscation doesn't provide protection as the source is still accessible to the client and he can de-obfuscate it (although that can be hard, it is not impossible).
And minification is used to reduce file size, so the file loads faster (and thus the page load time is lower).
i get it now. but, someone answered that you can hide the source w/PHP server side produced web pages. i haven't understood this yet. but, i have seen this answer a few times. this would seem the way to hide your scripts.
Is there any way to prevent unauthorized access to JavaScript files.
<script src="JS/MyScript.js" type="text/javascript">
Users should not be able to view the MyScript.js file.
I would like to know ,is it possible to do that ? If possible please give me an idea. :)
Thank you..
It's not possible.
The file must be fully accessible for it to work in your pages. The server has no way to determine if the request was from a script tag, by directly typing it into the browser window, etc.
You can minify your file to make it less human-readable. You can also obfuscate it, although that will have a performance impact on your website. However these are reversible, and anyone who really wants to reverse engineer your code still can.
As with everything though, you should be prepared for anyone to see anything you put online.
If the JS file is getting loaded on the client its possible to read it.
If you got stuff in the JS file that the user is not supposed to have access to, I would recommend another approach to the problem.
If you don't want it to load at all on the client if its not authorized, you could use some serverside script to prevent it from load.
I'm using jquery and some ordinary javascript on my site and I've been told that I'd be better off loading all the javascript in a minimized form at the closing body tag of my pages rather than in the header as they are now.
I've also been told that I should clump all my JS together into one file to keep the number of requests down, although I've also been told there's some of my javascript which won't be able to be included in this mega file because it's needed by FB (for example).
So now I'm totally confused. For a start,
1) I use jquery and the jquery.ui, can these be lumped into the mega file and loaded at the end?
2) Can I just stick everything which currently appears in my page source surrounded by script tags into this file?
3) What must I leave out?
It's all a bit over-whelming when you're a learner
the site is at http://www.traditionalirishgifts.com/ as you can see I load:
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
as well as a heap of other javascripts
As the comments point out, the answer depends on many variables.
Are you using any server side web framework? Any web framework worth it's money will offer you options for javascript and css concatenation. Typically these options allow you to define how exactly you want the concatenation to happen. Certain js files will change infrequently, example jquery, jquery ui. Whereas certain other files will change frequently, example your own application scripts. All these can be taken into consideration when deciding on what to concatenate.
If you could share which server side technology and what web server are you using, I can help you find specific solutions.
With regards to your three questions, its all about managing your dependencies. If your application scripts or "whatever currently appears in my page source surrounded by script tags" depend on jQuery or any other library, then they will need to included AFTER jquery or said library.
Dependency could also exist wrt the DOM. If your scripts output html directly using document.write then you will not be able to move them around easily.
I went through the html of the homepage of the site you linked to. The js code in that file can be moved to just before the end of the body, though you will need to ensure they appear in the same order. All the plugins you have included they seem to initialize themselves on document.ready which occurs only after all the html/js/css is parsed.
You are already referencing jquery/jqueryui from a CDN, so don't add them to the concatenated file.
I did not notice any code that you wouldn't be able to concatenate (on account of using FB). That said you could ask the person, who told you that, to explain why.
Finally, you can read more about optimizing front-end load times on YSlow (http://developer.yahoo.com/performance/rules.html) and Google Page Speed (https://developers.google.com/speed/docs/best-practices/rules_intro)
Personally, I would suggest you go ahead and move everything to just before the end of body. If something breaks, then ask questions on SO specific to the errors you receive.
My understanding was that only the javascript code placed inline in the HTML page would show, never the code stored in .js files
...and I had never seen in any browser code in a .js file show on the clientside...
until I started to use Chrome and noticed all my code is available for viewing???
Have I been convincing myself the code is safe in .js files, when in fact it never was?
and while on this subject can a responder be totally clear whether the code in .js files can be hidden or not.
I have read many posts that left me doubting whether it can be done or not.
. Some say to place it in a .js file on the server so it executes on the server...
--- using 'language=javascript' and an html line with 'runat server'? no idea how to do that.
--- But, would that not defeat the purpose of speed, and refresh since the server has to be accessed?
--- might as well code it in the code-behind???(C#, VB, php, ...)
. Some say use an AJAX call etc... but it seems others contradict that, saying the code lands on the clientside anyway thus will show? ...and I am assuming this would be a callback with no page redraw...
JavaScript is executed in the browser, this means the script has to be submitted to the client. So, of course anyone can view the code, wether it's happening in the developer tools, getting the direct link out of your html or, for example, using a http sniffer.
Altough, there are some methods to make the script unreadable for humans.
Minifying your script is a good practice in general. It decreases file-size, so the client has to download less, speeding up loading time. After all, this does not really help making your script "unreadable" for users, there are a lot of deminifying services all around the web.
Still, there is another way: obscurifying (or obfuscate) your script. This replaces the code to make it unreadable. Unfortunately, I don't really have experience with using this technique, so I don't know how it would affect the performance of the js-code.
Maybe you want to have a look at this: How can I obfuscate (protect) JavaScript?
Javascript code can be seen even if its in a .js file the only thing you can do to make it little tough to understand is minify the js file.
Actually, javascript code stored in a separated file wont be shown directly; the user must explicitly type the name of the file in the address bar to see its content.
The only way to hide it is, as said before, to minify the file, which compress the file and make it unreadable for humans.
I don't know if I'm asking the question correctly so apologies if I am using the wrong terminology. I typically write my own servers, javascript, etc in vi. I've been given a project to enhance a VB.Net / ASP.Net application and I'm having some troubles figuring out how to get the user control to render BEFORE the page finishes loading.
When I use normal browser as the viewer, everything works OK. When I try to use generate the page as a report, the report generator spits out the PDF while my JavaScript graph drawing stuff is still in it's initialize functions.
They are using EvoPDF as the PDF generator. It appears the page is being considered complete after the page is loaded but before the javascript is executed.
I admit I'm a bit lost when it comes to ASP.NET, but I know HTML/HTTP/JavaScript very well.
How can I force the page load to wait until my usercontrol finishes rendering, or otherwise solve my problem?
Thank you
When you use evopdf, the PdfConverter has a property called ConversionDelay.
This by default is set to 0.
If the problem is due to the page rendering too quickly then setting this may solve your problem.
You cannot get VB.NET to render something before the page has loaded. It is a server side language and the page must load all of the way to get the response from the server.
However it sounds like you may just need something like the domready function in JQuery. Where the page loads and then you execute your javascript. Right now it seems you might just be executing your javascript as the page is loading and you may need to wait for the full response from the server to start your script.
But no ASP.NET cannot draw or do anything until the page is loaded unless you are going to use some sort ajax functionality to get data from the server.