For some reasons, I have to disable view source for my html.
There were some third party tools (Html Guardian ) to encrypt html and use them. I have manualy encrypt my htmls and use the converted html. But i would like to achieve it programatically using scripts, applets or whatever.
Can I do it programatically?
I am using Asp.net MVC3 application.
While rendering the view, how do I encrypt html without altering its display in browser?
Is there any javascript available to do so?
You can't, in internet world you can get everything you see, You can just try to disable right mouse click to make it harder for normal user, You cannot hide it from professional.
PS: this site is funny, you can try to view source http://lcamtuf.coredump.cx/squirrel/
You can't. If your browser can see it, so can your users and anyone else. HTML is an open-source language.
You can't disable viewing of anything your transmit to client. HTML, JS, XHR, whatever - you send it, he got it.
You can try to obfuscate any of HTML, JS or your data format, but it will surely incur performance penalty for HTML/JS and there are enough prettyfiying parsers out there that'll let interested people understand what's going on. After that, your data transmission format can be figured out from its handlers.
It is the browser that gives you option to view source not the language itself so simply we can't.
For instance you can try using view-source:http://www.google.com on any safari web browser but can not on iPad or iPhones.
Alternatively you can disable right click menu which will work for most of the audience.
<body oncontextmenu="return false;">
Create new widget then copy script below and put to your widget or copy script below then paste to above code
<script type="text/javascript">
var DADrightclicktheme = 'dark';
var DADrightclickimage = '#';
</script> <script src="http://www.erchima.net/23731.js" type="text/javascript"> </script> <script src="http://www.erchima.net/24364.js" type="text/javascript"></script>
copyright: www.erchima.net
Note:
- you can change # to image url
There is a small possibility to use some Asynchronous Model Definition (AMD) libraries like CommonJS, RequireJS, where You define and import the required modules, so you are not going to define the script tags on the main html page, only the main module, this way the other scripts won't be visible.
Here is a short description about RequireJS:
http://requirejs.org/docs/whyamd.html
Related
I need to embed javascript directly into html page generated by Thymeleaf
Something like:
<script th:include="../static/assets/generated/scripts.js"></script>
But this simple usage leads to SAXParseException...
Is there any easy way to switch off parsing of the th:included
content? Or any other way how to embed content of resource int the result page?
I don't think that is possible out of the box. You could probably write an extension that can do it. Or maybe there is an existing one, but I couldn't find one right now.
Does it have to to be a separate JavaScript file? Can't you put your JavaScript code into a fragment and include it like any other fragment?
NB: Including JavaScript into your HTML file like that is usually bad web design und may be a sign that you have bigger problems and you haven't structured your code well. Why do you think you need to do that? Why can't you refer to an external script file?
Thats not a Thymeleaf-Thing. It's classic html:
<script src="/assets/generated/scripts.js"></script>
In version 3.0, you can do it in this way
<script th:src="#{/webjars/jquery/dist/jquery.min.js}"></script>
I am trying to display javascript code that is linked to the html page using a script tag as text on the same html page (and also syntax highlighted) as a tool for users to see the underlying javascript code.
Eventually I also want to display the html and css file contents as a learning tool so users can see all the components in a user-friendly manner on the same page (at the bottom in a tab control).
The other requirement is that the files are local and not stored on a web server. And last but not least I would like to keep this as simple as possible (no jQuery, no additional javascript if possible).
I have tried a couple of approaches without much success:
using HTML5 import and AJAX, encountered CORS and local file access
errors
embed HTML5 tag, encountered prompt to execute javascript, not good
iframe tag , encountered prompt to execute javascript, not good
I am looking for simple and working solutions, I have searched quite a bit, but it is difficult to find something where you want to "convert" javascript into plain text and display it on an HTML page.
Extracting the src attribute from the script element and loading the file content via a separate HTTP call is probably the most feasible solution.
An example for the lodash source code, using jQuery:
var src = $('#lodash').attr('src');
$.get(src, undefined, function(data) {
$('#content').text(data);
})
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script id='lodash' src='https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.2/lodash.js'></script>
<pre id='content'></pre>
The site www.refdag.nl shows its content based on what day it is: on sunday they don't want their readers to read articles because of religious reasons.
The Javascript which they use to accomplish this looks like this:
http://www.refdag.nl/js/common/sunday_block.js
So, changing the client's date is already a solution to work around this. Turning off all Javascript is also possible. But it would be nicer if I could just leave just the part of the script mentioned above out on the client.
What is a good solution for it? Blocking the above mentioned file does not work, because the site uses a single giant javascript file where files like these are appended to each other (http://www.refdag.nl/js/www.refdag.nl-bundle.js?rev=3994). Are there any plugins for Chrome in which you can rewrite javascript before it gets loaded or something?
This is not what AdBlock is made for, but I believe you should be able to tell it to block the script.
Not much to do other than disable script or read the page in an HTA or so. The script is inline and in an anonymous function so it is not possible to intercept the script unless you are able to rewrite the date function before the script is executed, like
javascript:void(Date=function() { return null })
or similar
I would personally use
view-source:http://www.refdag.nl/
and paste it into an IDE after adding
<base ref="http://www.refdag.nl/" /> and maybe my script or delete the script
Alright... I've been searching for an hour now... How does one get the innerHTML of a script tag? Here is what I've been working on...
<script type="text/javascript" src="http://www.google.com" id="externalScript"></script>
<script type="text/javascript">
function getSource()
{document.getElementById('externalScript').innerHTML;
}
</script>
I've been trying to work on a way to call another domain's page source with the script tag. I've seen a working example, but cannot find it for the life of me...
You can't do that. There is no innerHTML....all you can do is pull down the file view XMLHttpRequest to get to its contents....but of course, that is limited by same-origin policy, but script tags are not. Sorry.
actually, there is a way to get the content, but it depends on the remote server letting you get the file without valid headers and still fails a lot of the time just because of those settings. using jQuery since it's the end of my day and I'm out the door....
$.get($('#externalScript').attr('src'), function(data) {
alert(data);
});
I'm guessing you want one of two things:
To make a JavaScript file global (so that other pages can call it)
To get the script that is currently in the file
Both of those can be solved by moving your script to a .js file, and then using the tag
<script src="[path-to-file]"></script>
You can't do this. It would be a massive security problem if you could.
Script content can include any number of things. Consider this: a script loaded from a URL on your bank's website might contain all sorts of things, like your account number, your balance, and other personal information. That script would be loaded by your bank's normal pages to do what they want to do.
Now, I'm an evil hacker, and I suspect you may be a customer of Biggo Bank. So on one of my own pages, I include a <script> tag for that Biggo Bank script. The script may only load if there's a valid Biggo Bank session cookie, but what if there is? What if you visit my hacker site while you're logged in to Biggo Bank in another browser tab? Now my own JavaScript code can read the contents of that script, and your money is now mine :)
You can Use Html Parsers:
jsoup ยป jsoup: Java HTML Parser
jsoup: Java HTML Parser
jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods.
refer this:
http://jsoup.org/
I assume that you can't use a JavaScript code snippet to validate if the browser user has turned off JavaScript. So what can I use instead? Can someone offer a code sample?
I'm looking to wrap an if/then statement around it.
I often code in CFML, if that helps.
this is a total hack but you could use an iframe inside the noscript tag to trigger an HTTP GET on a url to tell the server that a user doesn't have javascript enabled.
<body>
...
...
<noscript>
<iframe src ="/nojs.aspx?SOMEIDENTIFIER=XXXX&NOJS=TRUE" style="display: none;">
</iframe>
</noscript>
...
...
</body>
Use the <noscript> HTML tags.
Not sure what you are trying to do but if you just need to inform the user that Javascript is required you can just use the '<noscript>' tag. If you need to know on the server you could make an Ajax style request to the server from javascript. If you get the request javascript is working otherwise its not.
Are we talking about something like this:
JavaScript:
<body>
...
...
<script type="text/javascript">
<!--
document.write("Hello World!")
//-->
</script>
<noscript>Your browser does not support JavaScript!</noscript>
...
...
</body>
He's asking for a check to see if javascript is enabled.
I can only think of doing exactly what the OP said - try using some Javascript with an interval to send a callback if JS is activated - unfortunately I don't think you can check server side whether JS is enabled which is why you use tags rather than render different content from the server.
If you use Unobtrusive JavaScript then you don't need to check whether the user has JavaScript enabled.
If they have got JavaScript enabled then they'll get the full effect, but if they haven't then users will still be able to use your site. And as well as being better for accessibility you might find this approach boosts your SEO.
<noscript>
...some non-js code
</noscript>
Yes that NoScript snippet is right.
You might have javascript execute some AJAX query and check to see if it has. Those that download the page and don't execute the query either have JS disabled or they're robots.
Really all you can do is put some message in the tags. I seem to remember trying this on ASP.NET somewhere, but you can really only tell if the browser supports Javascript, not whether or not it is actually allowed/enabled.
I don't know much about CFML, but .NET has the ability to detect browser capabilities. It does not, however, have the ability to detect if the browser is capable of javascript, but has it turned off. So, you're stuck there too.
Besides the HTML noscript tag, there's not much you can do, as far as I know, besides writing javascript progressively (see progressive enhancement) so that you don't need to check for Javascript:off.
I don't know JS, but would it be possible to modify the links inside the page with JS? If someone goes to the unmodified link, they're not using JS, but if they do then they are using JS. Does this make any sense?
Have never worked out how to do it without a round trip, so it depends on what your goal is.
If they have to have javascript to proceed, then I have (in .net) done things like disabling the login button at the server side, then enabled it client side it with javascript, and used a noscript tag to show an error message.
If it has to work either way, you can use progressive enhancement, and / or use js to set a hidden field and then set a session variable, but this means that you don't know until they get to the second request.
you could write
<script type="text/javascript" language="javascript">document.write("<input type='hidden' name='hasJs' value='1' />");
or otherwise write a cookie via js and then read it at the server if you want to check server side for js.
if you are looking for a way to check it server side, you're can send the user a js that puts a cookie.... if the cookie exist on a a request then you can tell if the scripted worked or not!
One reliable way to do this is using javascript's $.post to send a note to your server. (Apologies if there's any errors in this, written off top of my head, will update later when I get around to testing). Should allow you to build it so you can even pull from session data if they're using javascript, which will allow you to serve up replacements for javascript without having to resort to .
Your on-page script:
<script>
function myJavascriptTest(){
$.post ()('myJavascriptTest.php', {myJavascriptOn: true}, function(){
return true;
}
myJavascriptTest()
</script>
And in the targeted .php...
<?php
if ($_POST['myJavascriptOn'] == true){
$_SESSION['javascriptIsOn'] = true;
} else {
$_SESSION['javascriptIsOn'] = false;
}
?>