Reputation:
Can JavaScript be made "invisible" to the client?
To my understanding, most of what you get when you are downloading a desktop application is binary code, code that has already been compiled (unless the application requires your pc to have an X interpreter installed). Can't we do something similar with JavaScript, in a way that the user can't trivially modify the intended interactivity of the site?
I know this isn't possible because of how the web, and browsers work. Your browser requests a site, the site responds with a .js file (that is actually stored somewhere in your PC and can be viewed through browser tools, or your file explorer ), and the browser's JavaScript interpreter executes it and nowadays even compiles it, I think.
But couldn't the inner workings of the browser be modified in a way that, for instance, the server sends you "compiled" JavaScript? Or perhaps sends you the JS files encrypted, the browser then compiles them and makes the uncompiled code inaccessible through the developer's console (and site's source)?
Is this theoretically possible, if changes were made to the way the web and web browsers work? I can think of some drawbacks of this, such as, you don't know what the hell you're downloading really (but most users don't know, in general, either way), and it'd break some of the openness of the Web, but it could also make applications potentially more secure, couldn't it?
Upvotes: 2
Views: 210
Answers (3)
Reputation: 288230
Theoretically, yes.
In fact, Encrypted Media Extensions introduce a similar concept, but for media elements:
Encrypted Media Extensions (EME) is a W3C draft specification for providing a communication channel between web browsers and Digital Rights Management agent software.
EME has been highly controversial within the W3C, because it places a necessarily proprietary, closed component into what might otherwise be an entirely open and free software ecosystem.
Hopefully, W3C won't be so mad to do the same for arbitrary JavaScript code.
Upvotes: 1
Reputation: 161
javascript bundling and minification can to some extent secure or make the javascript code less readable to end user.
Upvotes: 1
Reputation: 893
Short answer is "No." Long answer is "Noooooooooo."
Kidding aside, what you are proposing is called "obfuscation" and would not be any more secure than what exists now.
For example, lets assume that the Javascript was encrypted. How would the browsers decrypt it? They would need the key, right? So the un-encrypted code would be available in the browser's memory when the browser was executing it. This merely raises the bar for someone who was trying to access the code.
Granted, more people may be discouraged from accessing the code, but this should not be confused with being "more secure".
Upvotes: 3
Related Questions
- How do I hide javascript code in a webpage?
- How can I hide/protect my client-side HTML/JS code?
- Is it possible to hide or scramble/obfuscate the javascript code of a webpage?
- How to hide java script in browser page source?
- Possible to make a javascript "loadable" but not viewable/readable?
- Concealing JS/logic from user in HTML page
- Is it possible to hide a web based game jQuery code from the user?
- Is there any way to hide javascript functions from end user?
- Hiding external JavaScript
- Method to 'compile' javascript to hide the source during page execution?