This question already has answers here:
How can I obfuscate (protect) JavaScript? [closed]
(22 answers)
Closed 9 years ago.
I am looking for the currently hardest-to-reverse JavaScript obfuscator. Bonus points if it can be run on one's own server. Performance hit and code bloat are fine.
Write it in Java, then run the bytecode in JavaScript with an obfuscated orto. That'll require two layers of decompilation in order to make any sense of it.
I'd be curious as to why you want to do this. Obfuscation offers no real protection. If you have something to protect, move it to the server-side, otherwise, why bother. If you're doing as you should and minifying/combining your JS that should be more than enough to scare away anyone not serious about knowing what your code is doing, and has performance benefits to boot. If they are serious, obfuscation isn't going to help you.
The JavaScript Code Encrypter And Obfuscator looked nice, until I actually tried to attack it. Took me about two minutes. The trivial solution:
for (i in window) { console.log(window[i]) }
That churned out a bunch of gibberish, but also the original code neatly boinked into one variable.
Note to self: Never, ever, ever, ever use anything you don't fully understand when it comes to security.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
I am working on an update of a curriculum for teaching non technical students the basics of programming, esp. programming for the web.
I prefer coffeescript over javascript for the (most times) much shorter and - as I think - better readable code.
On the other hand there are thousands of examples written in Javascript which are harder to understand if you know only about Coffeescript.
For the last years I just told my students to use a split screen in the editor, code CS in one frame and see JS in the other to see what is the translation of the CS statements in JS. And I showed the how to use CS2JS and JS2CS converter. The idea behind this is to make things visible like what "for-each" or "for-in" statements of CS do, as they are shown in JS in an unfolded way.
(I know this example leaks a little bit as ECMA 5 is rolled out now for a little time, but I am doing this for didactic reasons for a little while now)
Another problem is that there a not so much code hinter etc. for CS then for JS available.
EDIT
As the community seams to see this question to be opinion based, I precise it:
What toolchain do you use to make an easy entrypoint available for newbees to learn CS?
My pipeline builds on brackets.io as a webservice, node, gerrit, gitlab, ungit, jenkins, jade, less, coffeescript, ...
I have the need to make everything available totally offline so I wrap the tools in docker containers and VMs.
Before this question is closed as opinion-based, which indeed it is, let me comment that I cannot imagine the value in teaching non-technical students about CS vs. JS transpilation issues. They must have MUCH better things to spend their time on. As lovely as CS is, it is a dialect. Teaching it is like teaching Cockney slang in an English class. Furthermore, notwithstanding all the great code written in CS and the great benefits in efficiency it brought to those who used it, for better or for worse it is now on its way out, superseded by ES6 and TypeScript and eventually ES7.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I know that this is more of a legal question but I thought I'd give this a shot.
I am learning javascript and I found some interesting drop down menu's on a webpage. I wanted to learn more about them but the code is minified with the following in the comments above the minified code:
// Unauthorized decryption/reproduction of any codes contained herein is strictly prohibited and will result in severe civil and criminal penalties.
Is it really illegal for me to unpack the code and look through it? Can I be sued for looking at code without actually using it?
I'm no expert, but if there were anything criminal about viewing a website's source code, then browsers would not make it so easy.
While I can definitely say that using someone else's code without permission is wrong, I think it's a great thing to learn from it.
IANAL
Minification is not encryption. You already have permission to copy the file to your machine and open it (as your browser requires these permissions to use it). There is no legal protection for examining the contents of a file that's freely available. You can even modify it on your own system at will, these sorts of copyright allowances fall under fair use because you're doing so for educational purposes.
What you can't do is distribute the file or the modified file.
In my honest opinion, it shouldn't (and probably isn't) illegal to look at the code since it's open to anyone.
Using and learning from the source code are two completely different things.
Using someone's work without their permission is simply wrong no matter what the context is (code, images, art, etc).
But learning from other source code is probably the best way to learn and get better.
As for their legal note, I think they just put that there to scare people off but I don't think it would stand in court.
This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
How can I obfuscate JavaScript?
Hi there, is there any way to encrypt code written in javascript, that's displayed in the browsers window..
The below link has a similar discussion and has answer to that.
How can I encrypt JavaScript code so that it's not decryptable?
Hope this will be helpful.
You mean that you want to obfuscate your javascript code so that others cannot read it properly?
Try jCompress or any other Javascript Minifiers
There is no way to encrypt (because otherwise the browser couldn't run the code) but you can obfuscate. Just search for 'Javascript Obfuscator' .
I wouldn't recommend this though, as obfuscators can cause bugs and it is possible to deobfuscate them.
Is there any reason why you want to encrypt the javascript?
If you mean a way to encrypt it so it can't be stolen than the answer is no. The browser needs to be able to read the code to be able to execute it. There are tools to make it harder to read for humans but in the end you can't avoid people stealing your code.
Plenty of tools available on google. 1 Example: click
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
I am proficient in C++, I dont know Java Script and want to learn JS, What should be the way/process for me? I know basic html, CSS.
Check out the one and only JavaScript Guide from MDC:
https://developer.mozilla.org/en/docs/Web/JavaScript/Guide
Besides that, forget everything you know about C++ it won't help you in any way. JavaScript is a completely different beast on its own.
It will take a lot of type to learn all the quirks of the language and the Browsers it runs in, if you want to do server side JavaScript check out Node.js, but be advised, learn a lot about JS before doing that.
An answer that takes things in a different angle: Have you heard of Emscripten?
Emscripten is basically a C/C++ to Javascript converter. It allows you to write code in C/C++, compile it, and then convert your compiled bitcode to Javascript.
Clearly, this isn't aimed at teaching a C++ programmer to write Javascript, so it isn't a direct answer to this question. But it does allow him to create Javascript code, in a round-about sort of way.
Of course, he could always try using it a learning tool, by writing some C++ code and studying the converted Javascript. It might be helpful in simple cases, although I suspect it wouldn't be ideal code to learn from.
Check out http://codeavengers.com to learn JavaScript, it's the best and easiest way.
Good browser + a debugger plugin (both firefox and opera will suffice). Plus for the start its good to start on top of some good JS library: jQuery or Mootols (my favourites).
The hardest issue for me were the differences in the implementation. C++ compilers tend to break the standard, or implement just some parts of it, but the differences between javascript implementations are just insane.
If you are OK with C++, you will be able to code pretty easily, the syntax is similar, but everything is a lot simpler and dynamic.
There is no relation between c++ and javascript anyway, so being proficient in C++ does not help you learn javascript, altough it gives you heads up in getting accustomed to the writing code in javascript easily.
you can start here - http://homepage.ntlworld.com/kayseycarvey/
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
I have a lot of customized javascript and layout design, and I want to prevent people from using those. Is there any practical way to do this, or do I basically just have to be happy my php code does not show? I want to at least make it difficult to copy my site.
If people really want to get access to your source code they can do that fairly easily.
It is possible to slow people down to a limited degree by obfuscating code.
See:
http://code.google.com/p/minify/
http://refresh-sf.com/yui/
http://ajaxian.com/archives/utility-javascript-obfuscator
Maintaining obfuscated code is difficult. What you want to do is obfuscate it before deployment so that you can test and debug with the normal version. Debugging problems on a live site can be made a lot more difficult by the obfuscation.
All client-side code can be copied. If you're a web designer, your best bet is to just brand yourself well and keep innovating so that clients are more interested in the originator than the imitator.
There's no way to prevent people from seeing your source code. There are ways to obfuscate it and make it difficult to reuse, but there's no way to hide it. Also note that obfuscation makes it hard to maintain as well.
By far the most widespread method is to write so bad code that no one in their right mind would want to copy it, it's employed by approx 99% of web sites.
Is it actually a problem to you if someone snatch a piece of your code?
Sure it is a problem if someone the steal the whole site/application, but the only way you can really deal with that anyway is through standard legal means.
I use the Google Closure compiler for javascript. This is to reduce download size and remove redundant code but it has the added benefit of making the code much harder to read.
I have always envied people who sell JavaScript products because their work is always out in the open. I think this is a terrific deterrent for anybody who has something to lose—i.e., businesses, commercial web sites, and such. The day Google (or another big search engine) offers the possibility to search in pages' source code, you can start detecting copyright infringements within minutes.
And even if that search engine option never comes up, it's still possible to find out, very quickly and effortlessly, whether a site uses stolen Javascript.
On the other hand, a minifier used by the person stealing the code would make this much, much harder. So some minification/obfuscation, as suggested in the other answers, is probably a good idea nevertheless.
You can use an obfuscator for your code which will make site loadable but not readable to the other developers - they will not have an easy way to modify and adapt it.
You can use an obfuscator, if you like. It makes the source human-unreadable.
Scare them by using copyright marks in your code and a good lawyer. If they believe that you will sue them maybe the will steal form someone else.