Reputation: 4555
Is it possible to hide or scramble/obfuscate the javascript code of a webpage?
I understand that client side code must be readable from the browser but I wonder (since there are too many things that I ignore) if there are ways to obfuscate to code to the end user and, if not what is the best practice to "pack" the javascript code.
Upvotes: 9
Views: 11921
Answers (9)
Reputation: 34347
It is good practice to minify your JS with a tool such as YUI Compressor. I would not obfuscate it unless you have a specific need to do this. There are plenty of online obfuscators such as this one
See this article: http://developer.yahoo.net/blog/archives/2007/07/high_performanc_8.html
Upvotes: 9
Reputation: 2898
It is possible to use following tools:
YUI Compressor - requires Java - very good compressor
Packer - creates the most confusing, and smallest code, but scripts don't run as fast as YUI - this can be used online though. Select 'Base62 encode' for maximum effect.
The Dojo Compressor I've never used this one, but it's on the top-list. It also requires Java.
JSMIN By Douglas Crockford, this one has a very simple algorythm, but it is still good. Meant to be used in combination with JSLint.
Upvotes: 0
Reputation: 1644
No obfuscation is going to keep your code truly secure and it might just give you the false illusion of security (cf. security by obscurity).
If you do need to keep some portion of your code secret, consider pulling the sensitive portions into a server side script and making (say) AJAX calls to the script. Especially with the advent of JSON, communicating with server-side scripts has never been easier.
Upvotes: 0
Reputation: 4224
Step 1: Don't.
You would have to do a lot to achieve any meaningful level of obfuscation. Obfuscating the names alone is not enough, since all of the standard functions will still be there (although they may be buried in a layer of shorter/obfuscated aliases), and deriving the purpose of a particular function is easy once the code is formatted nicely again. Anybody who really wants to know what your JS code does can, and will, no matter what you do to it before their browser gets a copy of it.
If you truly have valuable business processes in your JavaScript, then you're Doing It Wrong(tm).
Upvotes: 0
Reputation: 104780
Do not put any sensitive or personal information in javascript.
Spend your time on keeping your data on the server secure.
Upvotes: 0
Reputation: 5124
See here for a Free Javascript Obfuscator.
Given that it is in fact possible, if the reason you intend to obfuscate is to protect intellectual property, you are probably trying to derive value from your work the wrong way. It's fairly easy to reverse the obfuscation, and you would probably be wasting time maintaining your code.
Focus more on what services you intend to provide to those who visit your site as a means to differentiate your site from competitors
Upvotes: 2
Reputation: 2648
Is there a reason why this won't do the trick for you?
http://www.javascriptobfuscator.com/
Upvotes: 0
Reputation: 1038880
There are tools that could be used to compress javascript code and render it difficult for the end user to understand.
Upvotes: 0
Related Questions
- How do I hide javascript code in a webpage?
- Is it possible to compress and obfuscate Javascript code on the fly?
- How can i obfuscate or make unreadable my JavaScript files?
- Can JavaScript be made "invisible" to the client?
- Concealing JS/logic from user in HTML page
- Hiding jquery and javascript
- Is there a way to hide javascript code?
- create javascript code from obfuscated javascript code
- Hidden javascript code
- Hiding/Encoding my javascript code