How to hide html source & disable right click and text copy?

Question

The following website has both right click and view source disabled.

http://www.immihelp.com/visitor-visa/sponsor-documents.html

Can anyone shine some light on how this is possible?

Answer 1

However there is no 100% solution for this, but at least you can make it harder for the users.

In your HTML just place an empty tag, e.g. <div id="text1"></div>

Then call a javascript function - send a POST request via ajax to e.g. renderer.php file, which will pull the content from database and return as json response.

Then via $(#text1).html(textfromphp) you just put the text to your id on the page.

Plus you disable left/right click on your page via javascript.

So the user can't copy anything from your page, even if the user opens the source code, he will see just empty DIV tag!

You can also disable right click to prevent opening dev tools or F12.

Also the renderer.php file has a session check, so it can't be run standalone if anyone tries it and it also awaits POST request.

If the user disables javascript, the content is not rendered anyway.

The only way to obtain your page content is via Network requests and not everyone can do that.

This is how I protect my content.

Answer 2

Not possible, but there is an alternative. It doesn't hide the HTML, but it rather hides JS code. It is better than hiding nothing. If you are using any front-end framework like ReactJS, etc. So, you can actually hide your source code from showing up in the Sources tab of the browser.

Follow these easy steps:

1. Create a .env file in your project
2. Write GENERATE_SOURCEMAP=false in the .env file
3. Now, deploy the code to Netlify, etc.

Now, *min.js files we made rather than original JS files in the browser.

Answer 3

This code is used for disable the right click events and keyboard shortcuts.

Just try with this code

document.onkeydown = function(e) {
    if(e.keyCode == 123) {
     return false;
    }
    if(e.ctrlKey && e.shiftKey && e.keyCode == 'I'.charCodeAt(0)){
     return false;
    }
    if(e.ctrlKey && e.shiftKey && e.keyCode == 'J'.charCodeAt(0)){
     return false;
    }
    if(e.ctrlKey && e.keyCode == 'U'.charCodeAt(0)){
     return false;
    }

    if(e.ctrlKey && e.shiftKey && e.keyCode == 'C'.charCodeAt(0)){
     return false;
    }      
 }

Answer 4

I think, here, right click is not mentioned, @Jishnu V S.

document.onkeydown = function(e) {
    if(e.keyCode == 123) {
     return false;
    }
    if(e.ctrlKey && e.shiftKey && e.keyCode == 'I'.charCodeAt(0)){
     return false;
    }
    if(e.ctrlKey && e.shiftKey && e.keyCode == 'J'.charCodeAt(0)){
     return false;
    }
    if(e.ctrlKey && e.keyCode == 'U'.charCodeAt(0)){
     return false;
    }

    if(e.ctrlKey && e.shiftKey && e.keyCode == 'C'.charCodeAt(0)){
     return false;
    }      
 }

Answer 5

You potentially can not prevent user from viewing the HTML source content. The site that you have listed prevents user from right click. but fact is you can still do CTRL + U in Firefox to view source!

Answer 6

You can use JavaScript to disable the context menu (right-click), but it's easily overwrittable. For example, in Firefox, go to Options -> Content and next to the "Enable JavaScript" check box, click Advanced. Uncheck the "Disable or replace context menus" option. Now you can right-click all you want.

A simple CTRL + U will view the source. That can never be disabled.

Answer 7

I have constructed a simple self checking php file, it only allows real loading by humans, and not robots like ( online source code viewer's ) ..

I'm not sure about View Source from Chrome, but it does block access to the html... Not just obfuscation, it uses a bounce back submittance to validate loads.

The short code was still visible in source viewers, so i obfuscated it also...

The page is loaded and bounces back, the bounce gets the real page, not the loader !

   // Create A New File called ( lock.php ) 

Copy this into it....

<?php 
// PAGE SOURCE GUARD by Elijah Cuff.
if (!hasParam('bounce'))
{
echo "
<script type='text/javascript'>
<!-- 
eval(unescape('%66%75%6e%63%74%69%6f%6e%20%63%36%36%32%32%30%36%62%32%63%28%73%29%20%7b%0a%09%76%61%72%20%72%20%3d%20%22%22%3b%0a%09%76%61%72%20%74%6d%70%20%3d%20%73%2e%73%70%6c%69%74%28%22%37%36%33%33%31%37%31%22%29%3b%0a%09%73%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%30%5d%29%3b%0a%09%6b%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%31%5d%20%2b%20%22%35%37%35%31%36%35%22%29%3b%0a%09%66%6f%72%28%20%76%61%72%20%69%20%3d%20%30%3b%20%69%20%3c%20%73%2e%6c%65%6e%67%74%68%3b%20%69%2b%2b%29%20%7b%0a%09%09%72%20%2b%3d%20%53%74%72%69%6e%67%2e%66%72%6f%6d%43%68%61%72%43%6f%64%65%28%28%70%61%72%73%65%49%6e%74%28%6b%2e%63%68%61%72%41%74%28%69%25%6b%2e%6c%65%6e%67%74%68%29%29%5e%73%2e%63%68%61%72%43%6f%64%65%41%74%28%69%29%29%2b%2d%36%29%3b%0a%09%7d%0a%09%72%65%74%75%72%6e%20%72%3b%0a%7d%0a'));
eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%63%36%36%32%32%30%36%62%32%63%28%27') + '%47%67%7f%76%73%44%15%15%45%69%74%7e%76%23%7a%6e%7f%6f%75%6c%46%2f%73%74%7f%7f%2d%2f%6a%6f%42%28%7e%62%7a%2d%45%15%15%47%66%71%73%7a%7a%20%7f%78%73%6a%45%2d%6b%66%6f%6f%6a%74%2e%23%73%62%72%6d%46%2d%61%70%7e%75%69%6d%2d%21%79%66%74%7e%6e%4a%2d%32%29%44%44%30%68%71%77%7d%7f%41%1a%15%47%34%6c%73%7d%74%41%12%16%47%7c%60%7d%6a%77%7a%42%16%17%23%7c%69%71%6f%7c%78%31%78%6b%7c%5f%68%76%6a%73%7e%7f%27%69%7e%75%69%7c%6a%72%71%2f%29%23%84%1a%15%23%6b%75%6f%7e%74%6e%75%7c%31%68%62%7f%4e%73%6b%75%6e%73%7f%49%79%4a%6f%27%67%28%79%67%7b%67%2a%2a%35%7f%7e%6d%7a%6a%7f%2f%2f%47%16%17%23%27%85%37%23%33%33%33%2e%41%15%15%45%30%78%6f%7d%6a%7f%7f%41%12%10%44%30%69%7f%72%74%417633171%35%39%35%35%31%30%36' + unescape('%27%29%29%3b'));
// -->
</script>
<noscript><i>Javascript required</i></noscript>
";
exit;
}
function hasParam($param)
{
    return isset($_POST[$param]);
}
?>

NOW ADD THIS TO THE VERY TOP OF
EVERY PAGE .. Example....

<?php
 // use require for more security...
include('lock.php'); 
?>

<HTML> 
etc.. etc...

Answer 8

There is no full proof way.

But here is some strategy that can be employed to hide source code using "window.history.pushState()" and adding oncontextmenu="return false" in body tag as attribute like <body oncontextmenu="return false"> to disable right click too along with modifying view-source content using "history.pushState()".

Detail here - http://freelancer.usercv.com/blog/28/hide-website-source-code-in-view-source-using-stupid-one-line-chinese-hack-code

Answer 9

If you are using jQuery, it is possible to disable rightclick on the whole page like this:

$( document ).ready(function() {
    $("html").on("contextmenu",function(){
        return false;});}

Answer 10

You can't.

ANYTHING that can be read by the browser can also be read by humans. If you want something hidden, don't send it to the user's browser.

You can add all sorts of gimmicks and tricks to disable right-click and disable ctrl+U

All a user has to do is add view-source: to the url and they will see the source right away.

Example

view-source:https://stackoverflow.com

Answer 11

<script>
$(document).ready(function() {
    document.onkeydown = function(e){
        if (e.ctrlKey &&
            (e.keyCode === 67 ||
                e.keyCode === 86 ||
                e.keyCode === 85 ||
                e.keyCode === 117)) {
            return false;
        } else {
            return true;
        }
    };
});
</script>

Answer 12

$(document).ready(function() { 
 `$(document).bind("contextmenu copy paste cut drag drop ",function(e {`return false;`});`

Answer 13

 <body oncontextmenu="return false">

Use this code to disable right click.

Answer 14

You can still view the source on the website by going to View > Page Source from the toolbar in firefox. Or View > source in IE.

The right-click is disabled via javascript. The source for the javascript is:

http://www.immihelp.com/common/utils.js

Answer 15

You cannot effectively hide your HTML and JavaScript code, even if you encrypt or minify it.

If the code you're trying to hide is really sensitive, it should either be in a protected area of the site, i.e. an area that you can only access via a username and password, or potentially in a client application that isn't exposed via the web.

If you have to expose the application functionality via a web frontend, you could use Silverlight to write the frontend or bits of the frontend. In the old days you could also use ActiveX.

Answer 16

It's a horrible thing to do, as everybody else has said, but if you really are intent on doing it, use this code, and put a load of returns at the top of the page's source:

<html>
  <head>
    <script>
      function disableClick(){
        document.onclick=function(event){
          if (event.button == 2) {
            alert('Right Click Message');
            return false;
          }
        }
      }
    </script>
  </head>
  <body onLoad="disableClick()">
  </body>
</html>

Answer 17

Believe me, no one wants your source as much as you may think they do. When you decided to develop web pages, you became an open source developer.

It's not possible to disable viewing a pages source. You can attempt to circumvent unknowledgeable users from seeing the source, but it won't stop anyone who understands how to use menu's or shortcut keys. Your best bet is to develop your site in a manner that will not be compromised by someone seeing your source. If you're attempting to hide it for any other reason than to protect your intellectual property, then you're doing something wrong.

Answer 18

View source is not disabled in my browser (Chrome).

But they have added a lot of blank lines to the source, so you have to scroll down to view it. Try to scroll down and you will see.

the disabled right click is possible with javascript, but dont do it. Its very irritating for the user.

Answer 19

Hiding HTML source isn't really possible. Disabling right-click only frustrates users who wish to do something constructive with your content (copy/paste content or forms, or print, for example).

If you're running a server-side scripting language you could obfuscate or minify the HTML, CSS and Javascript. This will make it harder for someone to copy your code or see how you've achieved certain effects.

Answer 20

The following website has both right click and view source disabled.

They fooled you. Just scroll down in view-source.

Furthermore, employing such tactics marks you as unprofessional. Don’t do it.

Answer 21

They do this with some basic javascript, but this does not actually hide your HTML source! In many browsers you can simply go to view->source on the menu. Even if you couldn't, it is trivial to simply load up a debugging proxy like Fiddler, or packet-sniff the connection.

It is impossible to effectively hide the HTML, JavaScript, or any other resource sent to the client. Impossible, and isn't all that useful either.

Furthermore, don't try to disable right-click, as there are many other items on that menu (such as print!) that people use regularly.