How can I hide or encrypt JavaScript code

Question

Is there any way to hide or encrypt JavaScript code to prevent people from viewing  copying  and or modifying proprietary programs

User · Accepted Answer

You can obfuscate it  but there s no way of protecting it completely   example obfuscator   https   obfuscator io

User · Answer

While everyone will generally agree that Javascript encryption is a bad idea  there are a few small use cases where slowing down the attack is better than nothing  You can start with YUI Compressor  as  Ben Alpert  said  or JSMin  Uglify  or many more   However  the main case in which I want to really  hide stuff  is when I m publishing an email address  Note  there is the problem of Chrome when you click on  inspect element   It will show your original code  every time  This is why obfuscation is generally regarded as being a better way to go   On that note  I take a two pronged attack  purely to slow down spam bots  I Obfuscate minify the js and then run it again through an encoder  again  this second step is completely pointless in chrome    While not exactly a pure Javascript encoder  the best html encoder I have found is http   hivelogic com enkoder   It will turn this    lt script type  text javascript  gt     lt   CDATA   lt  -- var c function e    var m  mail     to webmaster  var a  somedomain   e href   m     a   com          -- gt       gt   lt  script gt   lt a href     onclick  return c this    gt  lt img src  images email png    gt  lt  a gt    into this    lt script type  text javascript  gt     lt   CDATA   lt  -- var x  function f x  var i o      ol x length l ol while x charCodeAt l 13        50  try x  x l  l  catch e    for i l-1 i gt  0 i--  o  x charAt i   return o      substr 0 ol   f    87     meozp 410     220    s-dvwggd130     -2o V PY420         I         V         620    o710    RB        610    JAB620    720    n         530    410    WJJU010      gt snnn j5J 771    p  saa- W  T   vk          lt 02     0     610     Dr    010    630    400    620    700            N730     530         2S16EF600     420    9ZNONO1200     000      7400     n     010    hpr          -cn720    a ce230    500    f730    i  200    630     YIR720     720        r    720    h  P  JHADY310    t230    G500    VBT230    200    Clxhh tzra       g0M0   Pgche Z8i p v 600            R730    Q620    030    730    100    72     0    530    700    720    M410    N730    r    530    400    4420    8OM771          4400     010    t    120    230    r    610    310    530    e o120        RfJjn    020    lZ        CZEWCV771    v5lnqf2R1ox771    p        tr    220         310    420    600    OSG300    700    410    320    410    120    620         q 5 lt   0 gt       f  o nruter      y   i tAedoCrahc x edoCrahCmorf gnirtS  o      721  y   y 87 lt i fi    i l lt i 0 i rof htgnel x l          o i rav  y x f noit     cnuf                                                                           while x eval x      -- gt       gt   lt  script gt    Maybe it s enough to slow down a few spam bots  I haven t had any spam come through using this   yet

User · Answer

If you have anything in particular you want to hide  like a proprietary algorithm   put that on the server  or put it in a Flash movie and call it with JavaScript  Writing ActionScript is very similar to writing JavaScript  and you can communicate between JavaScript and ActionScript  You can do the same with Silverlight  but Silverlight doesn t have the penetration Flash does   However  remember that any mobile phones can run your JavaScript  but not Silverlight or Flash  so you re crippling your mobile users if you go with Flash or Silverlight

User · Answer

No  it s not possible  If it runs on the client browser  it must be downloaded by the client browser  It s pretty trivial to use Fiddler to inspect the HTTP session and get any downloaded js files   There are tricks you can use  One of the most obvious is to employ a javascript obfuscator   Then again  obfuscation only prevents casual snooping  and doesnt prevent people from lifting and using your code   You can try compiled action script in the form of a flash movie

User · Answer

One of the best compressors  not specifically an obfuscator  is the YUI Compressor

User · Answer

JavaScript is a scripting language and therefore stays in human readable form until it is time for it to be interpreted and executed by the JavaScript runtime   The only way to partially hide it  at least from the less technical minds  is to obfuscate   Obfuscation makes it harder for humans to read it  but not impossible for the technically savvy

User · Answer

The only safe way to protect your code is not giving it away   With client deployment  there is no avoiding the client having access to the code   So the short answer is  You can t do it  The longer answer is considering flash or Silverlight   Although I believe silverlight will gladly give away it s secrets with reflector running on the client   I m not sure if something simular exists with the flash platform

[javascript] How can I hide or encrypt JavaScript code?

Examples related to javascript

Examples related to encryption

Examples related to obfuscation