How can I hide or encrypt JavaScript code

Question

Is there any way to hide or encrypt JavaScript code to prevent people from viewing  copying  and or modifying proprietary programs

User · Answer

While everyone will generally agree that Javascript encryption is a bad idea, there are a few small use cases where slowing down the attack is better than nothing. You can start with YUI Compressor (as @Ben Alpert) said, or JSMin, Uglify, or many more.

However, the main case in which I want to really 'hide stuff' is when I'm publishing an email address. Note, there is the problem of Chrome when you click on 'inspect element'. It will show your original code: every time. This is why obfuscation is generally regarded as being a better way to go.

On that note, I take a two pronged attack, purely to slow down spam bots. I Obfuscate/minify the js and then run it again through an encoder (again, this second step is completely pointless in chrome).

While not exactly a pure Javascript encoder, the best html encoder I have found is http://hivelogic.com/enkoder/. It will turn this:

<script type="text/javascript">
//<![CDATA[
<!--
var c=function(e) { var m="mail" + "to:webmaster";var a="somedomain"; e.href = m+"@"+a+".com";  
};
//-->
//]]>
</script>
<a href="#" onclick="return c(this);"><img src="images/email.png" /></a>

into this:

<script type="text/javascript">
//<![CDATA[
<!--
var x="function f(x){var i,o=\"\",ol=x.length,l=ol;while(x.charCodeAt(l/13)!" +
"=50){try{x+=x;l+=l;}catch(e){}}for(i=l-1;i>=0;i--){o+=x.charAt(i);}return o" +
".substr(0,ol);}f(\")87,\\\"meozp?410\\\\=220\\\\s-dvwggd130\\\\#-2o,V_PY420" +
"\\\\I\\\\\\\\_V[\\\\\\\\620\\\\o710\\\\RB\\\\\\\\610\\\\JAB620\\\\720\\\\n\\"+
"\\{530\\\\410\\\\WJJU010\\\\|>snnn|j5J(771\\\\p{}saa-.W)+T:``vk\\\"\\\\`<02" +
"0\\\\!610\\\\'Dr\\\\010\\\\630\\\\400\\\\620\\\\700\\\\\\\\\\\\N730\\\\,530" +
"\\\\2S16EF600\\\\;420\\\\9ZNONO1200\\\\/000\\\\`'7400\\\\%n\\\\!010\\\\hpr\\"+
"\\= -cn720\\\\a(ce230\\\\500\\\\f730\\\\i,`200\\\\630\\\\[YIR720\\\\]720\\\\"+
"r\\\\720\\\\h][P]@JHADY310\\\\t230\\\\G500\\\\VBT230\\\\200\\\\Clxhh{tzra/{" +
"g0M0$./Pgche%Z8i#p`v^600\\\\\\\\\\\\R730\\\\Q620\\\\030\\\\730\\\\100\\\\72" +
"0\\\\530\\\\700\\\\720\\\\M410\\\\N730\\\\r\\\\530\\\\400\\\\4420\\\\8OM771" +
"\\\\`4400\\\\$010\\\\t\\\\120\\\\230\\\\r\\\\610\\\\310\\\\530\\\\e~o120\\\\"+
"RfJjn\\\\020\\\\lZ\\\\\\\\CZEWCV771\\\\v5lnqf2R1ox771\\\\p\\\"\\\\tr\\\\220" +
"\\\\310\\\\420\\\\600\\\\OSG300\\\\700\\\\410\\\\320\\\\410\\\\120\\\\620\\" +
"\\q)5<: 0>+\\\"(f};o nruter};))++y(^)i(tAedoCrahc.x(edoCrahCmorf.gnirtS=+o;" +
"721=%y;++y)87<i(fi{)++i;l<i;0=i(rof;htgnel.x=l,\\\"\\\"=o,i rav{)y,x(f noit" +
"cnuf\")"                                                                     ;
while(x=eval(x));
//-->
//]]>
</script>

Maybe it's enough to slow down a few spam bots. I haven't had any spam come through using this (!yet).

User · Answer

No  it s not possible  If it runs on the client browser  it must be downloaded by the client browser  It s pretty trivial to use Fiddler to inspect the HTTP session and get any downloaded js files   There are tricks you can use  One of the most obvious is to employ a javascript obfuscator   Then again  obfuscation only prevents casual snooping  and doesnt prevent people from lifting and using your code   You can try compiled action script in the form of a flash movie

User · Answer

One of the best compressors  not specifically an obfuscator  is the YUI Compressor

User · Answer

The only safe way to protect your code is not giving it away   With client deployment  there is no avoiding the client having access to the code   So the short answer is  You can t do it  The longer answer is considering flash or Silverlight   Although I believe silverlight will gladly give away it s secrets with reflector running on the client   I m not sure if something simular exists with the flash platform

User · Answer

JavaScript is a scripting language and therefore stays in human readable form until it is time for it to be interpreted and executed by the JavaScript runtime   The only way to partially hide it  at least from the less technical minds  is to obfuscate   Obfuscation makes it harder for humans to read it  but not impossible for the technically savvy

User · Answer

You can obfuscate it  but there s no way of protecting it completely   example obfuscator   https   obfuscator io

User · Answer

If you have anything in particular you want to hide  like a proprietary algorithm   put that on the server  or put it in a Flash movie and call it with JavaScript  Writing ActionScript is very similar to writing JavaScript  and you can communicate between JavaScript and ActionScript  You can do the same with Silverlight  but Silverlight doesn t have the penetration Flash does   However  remember that any mobile phones can run your JavaScript  but not Silverlight or Flash  so you re crippling your mobile users if you go with Flash or Silverlight

[javascript] How can I hide or encrypt JavaScript code?

Examples related to javascript

Examples related to encryption

Examples related to obfuscation