I'm writing a javascript that generates some data. I intend to use it as a free web application, open for everyone that want to use it.
But I got a lot of time and effort to write this this script (mainly because I want it to personal use and I couldn't find anything efficient and resumed as this). I'm a beginner developer and I know is impossible to protect or obfuscate the script because you don't even need other app to decoding obfuscated info, there's a lot of methods and the laziest is just find the "eval" word in the js file and replace it with "alert". When you open the html page boom you receive a popup window with all the code decoded...
What I'm asking is if there's anyway to prevent when a user "save as..." the page with the browser, the javacript and css files do not be saved in the structure.
In the past I tried to save some pages with the browser and I only could save the html file (and sometimes not even with all the html information, I suspect there was iframes), no js and no css... I tried with some websites downloaders (sitesucker,deepvacumm,etc) and not even with this downloaders I was able to download the files. The only way was to "inspect" the page and download it manually and make the folder structure manually.
As I said I want to give this script totally free as a service (I will even buy a domain for it) because I made it with love. My only request (to receive some kind of personal pride) is that when people want to use it they came to my site and made it in real time and if they "save as..." the page, they can save the generated information that don't save the script, so they came back again to use the service.
Does anyone can help with some tips and information. Links, advices, professional and personal tricks?
I think it is not possible to prevent access to the Javascript code in the browser. I also think that by minifying the JS code e.g. with Google's Closure compiler (ADVANCED option) you protect your code as much as you can. Although the code can be copied as it is, it cannot be understood or modified with a reasonable effort.
You could download all JavaScript/CSS files through one JavaScript file (a loader), like this. That way, downloaders have to execute JavaScript before they can know what JavaScript/CSS files are included, which I don't think they do. As I said in my comments, I'm not entirely sure whether this works!
HTML:
...
<script src="loader.js"></script>
<!-- no other JavaScript/CSS here -->
...
loader.js:
window.onload = function() {
var head = document.getElementsByTagName('head')[0]; // the <head>
var scriptElement = document.createElement('script'); // create <script>
scriptElement.src = 'file1.js';
head.appendChild(scriptElement); // add <script> to <head>
var linkElement = document.createElement('link'); // create <link>
linkElement.setAttribute('rel', 'stylesheet');
linkElement.href = 'file1.css';
head.appendChild(linkElement); // add <link> to <head>
}
Convert your code to a server side script (PHP, Python, C#, etc). It's the only way to be sure your users won't be able to "steal" your work.
JavaScript must eventually be decoded by my browser, and at that moment, is available to me too, and there is no way to prevent it, you can only make it harder.
But the bottom line is: why do you have to do it? If you only want "personal pride" wouldn't it be better to upload your code to a collaborative site like github or SourceForge where other people can appreciate your work and maybe even contribute to it?
Also, if you share your code under a licence like GPL or CC everyone who reuses your code must give credit to you (yes, one can simply steal it, but that is possible under your scenario, too).
There is really no technical solution to your problem: if the user can execute your javascript, they will have to download it somehow. Whatever solution chosen, anyone with sufficient knowledge of Firebug or the Webkit inspector will be able to retrieve the script. You can obfuscate it my minifying it, but it will not prevent anyone to use it as-is.
The solution to your problem is legal, not technical. If you explicitly state, in your Javascript header, that the script is under a restrictive licence, anybody copying it would break the law. If you find somebody doing this, you can then:
nicely ask them to remove the script from their site
threaten to sue?
(by the way, if I may give a personal opinion here, there is much personal pride to be had in giving away code anybody can re-use... you can include your name and a link to your site in the header of the script: it is considered very bad form (and potentially illegal) to remove attribution and copyright notices)
Related
i have seen answers to similar questions. but, not quite what i want to know. if i make an external javascript file. then, on the client side, when the client loads the HTML, all they see is a link to the external javascript file. like this:
<script src="myScript.js"></script>
they never see the source code.
i don't get all this talk about obfuscation & minification. best way is just make an external file. then, without hacking into the server to download the source, they will only get machine code.
They can still follow the link to get the file directly.
Just display the source of this (this question) page, you can see
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
but you can still simply open https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js to see the source.
Even obfuscation doesn't provide protection as the source is still accessible to the client and he can de-obfuscate it (although that can be hard, it is not impossible).
And minification is used to reduce file size, so the file loads faster (and thus the page load time is lower).
i get it now. but, someone answered that you can hide the source w/PHP server side produced web pages. i haven't understood this yet. but, i have seen this answer a few times. this would seem the way to hide your scripts.
I designed one website but I don't want to give access to end user to download my css and js files.
because If I designed one website so anybody can stolen my design by downloading my css and js files.
So is there any mechanism for secure our css and js files?
There is not really any way to secure your CSS and JS from being downloaded as the users browser needs to download these files.
One technique which is normally used to reduce CSS and JS file sizes is minification. Although it does not secure the files as such, it makes JS far harder to understand when you choose to mangle the variable names.
Online JS minifier to try out
It is not possible. Browser need to read your css file and js file. If browser can read then user can read also. You can minify your codes only e.g http://refresh-sf.com/yui/ and also you can add copyright comment blocks.
For javascript I would suggest you to use Base62 encoding.
This will also reduce the size and thus boost the performance since there will be less loading time
You can do base 62 encoding here
Other than that you cannot host your javascript file into an non downloadable form!!
Same goes with CSS too.
Once someone enters the full link the css/js files will be shown. All the files be available in the clien machine!!
To put up a plain straight answer to your question, the answer is NO
In order for visitors to see and use your site, they will have to download the necessary styles and scripts.
You can compress and obfuscate your code of course (the former actually benefits the end-user), but that's the best you can do; it won't stop someone from ripping it and using it as-is for their own nefarious purposes.
Now, your code is technically copyrighted; if you find someone who infringed on this copyright and they're using either a literal copy or a substantial part of your original work, you could theoretically sue them. Whether this is a viable approach is a tough question to answer and you will need someone with at least some kind of law degree and/or experience in this field.
Personally I would say that your chances of successful legal retribution are low, but so is the chance of someone stealing your code and profiting from it.
Is there any way to prevent unauthorized access to JavaScript files.
<script src="JS/MyScript.js" type="text/javascript">
Users should not be able to view the MyScript.js file.
I would like to know ,is it possible to do that ? If possible please give me an idea. :)
Thank you..
It's not possible.
The file must be fully accessible for it to work in your pages. The server has no way to determine if the request was from a script tag, by directly typing it into the browser window, etc.
You can minify your file to make it less human-readable. You can also obfuscate it, although that will have a performance impact on your website. However these are reversible, and anyone who really wants to reverse engineer your code still can.
As with everything though, you should be prepared for anyone to see anything you put online.
If the JS file is getting loaded on the client its possible to read it.
If you got stuff in the JS file that the user is not supposed to have access to, I would recommend another approach to the problem.
If you don't want it to load at all on the client if its not authorized, you could use some serverside script to prevent it from load.
Is there any way to "edit" a "server side" javascript file in one of the mentioned browsers that will save the js edits on the client side and replace the server side scripts?
Basically I want to edit the javascripts on the server. Obviously I can't save them on the server so they need to be saved on the client side(my computer) and the browser needs to load my scripts instead.
It shouldn't be hard to do at all but I've not been able to find any way to accomplish this.
Edit:
I want to modify the javascript's from a site I do not own or have write access too. e.g.,
Html page uses some javascript page on server. I want to modify this javascript file(the actual file).
I can download and save the javascript file BUT the html page will always use the one on the server because that is what is in the script tag. I need to modify the script tag of the html page to point to the local javascript file BEFORE the html page's scripts are executed(else the javascript from the server will be used).
here, for example, is a script tag from SE:
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
It uses a non-local javascript file. I need to replace this line with my own line before any javascript is executed. It would like like:
<script type="text/javascript" src="file://C:/temp/myjquery.min.js"></script>
or whatever. (this way, I can modify the jquery file and have it execute my own version of the one on the server)
I, could, ofcourse, download the html file and modify it BUT then php code may not work among other things. (for example, relative links will be broke)
this is usually very easy in Opera: Just view source, edit what you want and use the special "Tools > Advanced > Reload from cache" command instead of a normal reload. Voila, you'll be running the site with your modified scripts..
(There are some exceptions, related to specific no-caching techniques some sites use it won't work 100% for all files - but it certainly should work for anything served from googleapis.com)
I think what you're looking for is something like LiveReload
It allows you to edit css files and have the browser apply the changes without refreshing the browser.
The windows version is in alpha right now but the Mac version works quite well for CSS.
I don't know if it does Javascript but I think it might.
You could also try the Chrome DevTools. It's a chrome extension that does just what you want with javascript and css.
No problem, you want to use bookmark-lets for this. Indeed it is easy, just remember to use an anonymous autoexecuting function: javascript:(function(){ //commands })();
In the sane good old day's one could even place this javascript directly into your addresses, but nowaday's some browser-builders (like firefox we coders USED to trust in the old day's) are being a 'good boy' and listen to facebook's 'demands' to kill normal standard functionality in favor of their lack on comprehending closures... But alas..
Ofcourse you could also create a bookmark to fix firefox's insanity, again reclaiming power to the user :)
Every time you visit the site, you click your bookmarklet. Done.
One can even make it 'memory resistant' for as long als you are on the same page (if you really want to). Naturally power is with the user/visitor AS IT SHOULD BE, not with the webmaster (who already publicly shared whatever info).
You might also look into greasemonky on firefox and comparable solutions.
Good luck
Build a string on the server side to write all your javascript code on the server side.
As part of a job I'm doing on a web site I have to copy a few thousand lines of text from several pages of the old site and paste them into the HTML for the new site. The long and painstaking way of going to the old page and copying the many lines of text and then going to my editor and pasting it there line by line is getting really old. I thought of using injected JavaScript to do this but I'm not quite sure where to start. Thanks in advance for any help.
Here are links to a page of the old site and a page of the new site. As you can see in the tables on each page it would take a ton of time to copy it all manually.
Old site: http://temp.delridgelegalformscom.officelive.com/macorporation1.aspx
New Site: http://ezwebsites.us/delridge/macorporation1.html
In order to do this type of work, you need two things: a way of injecting or executing your script on that page, and a good working knowledge of the Document Object Model for the target site.
I highly recommend using the Firefox plugin FireBug, or some equivalent tool on your browser of choice. FireBug lets you execute commands from a JavaScript console which will help. Hopefully the old site does not have a bunch of <FONT>, <OBJECT> or <IFRAME> tags which will make this even more tedious.
Using a library like Prototype or JQuery will also help selecting parts of the website you need. You can submit results using JQuery like this:
$(function() {
snippet = $('#content-id').html;
$.post('http://myserver/page', {content: snippet});
});
A problem you will very likely run into is the "same origination policy" many browsers enforce for JavaScript. So if your JavaScript was loaded from http://myserver as in this example, you would be OK.
Perhaps another route you can take is to use a scripting language like Ruby, Python, or (if you really have patience) VBA. The script can automate the list of pages to scrape and a target location for the information. It can just as easily package it up as a request to the new server if that's how pages get updated. This way you don't have to worry about injecting the JavaScript and hoping all works without problems.
I think you need Grease Monkey http://www.greasespot.net/