I have developed a javascript application that can be used by my clients just by inserting the following in one of their web pages:
<script>
document.write( '<iframe src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>
Anyone looking at the page containing the above will only see the the above lines, not all the javascript source. Someone with a little more savy though could just paste http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their browser and then they will see the javascript.
Is there some way that my PGSampleTable.a sp could know it has been called from outside the iframe and then just not serve the javascript?
Any other way to hide your javascript? (The above is only a prototype, it will eventually be a full costing system for the printing industry - I don't want anyone else to be able to steal it!) 13  1422 
"Simon Wigzell" <si**********@s haw.ca> wrote in message news:cfFXe.5242 75$s54.368146@p d7tw2no...
I have developed a javascript application that can be used by my clients just by inserting the following in one of their web pages:
<script>
document.write( '<iframe src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>
Anyone looking at the page containing the above will only see the the above lines, not all the javascript source. Someone with a little more savy though could just paste http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their browser and then they will see the javascript.
Is there some way that my PGSampleTable.a sp could know it has been called from outside the iframe and then just not serve the javascript?
passing a parameter ???
Simon Wigzell said the following on 9/19/2005 4:32 PM: I have developed a javascript application that can be used by my clients
just by inserting the following in one of their web pages:
<script>
document.write( '<iframe
src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>
And if JS is disabled or not present? Then the app is broken.
Anyone looking at the page containing the above will only see the the
above lines, not all the javascript source. Someone with a little more
savy though could just paste
http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their
browser and then they will see the javascript.
Yep, thats how the web works.
Is there some way that my PGSampleTable.a sp could know it has been
called from outside the iframe and then just not serve the javascript?
No.
Any other way to hide your javascript?
Delete it from your hard drive, delete it from your servers, then it
can't be seen. If it's on a website, it can be seen.
(The above is only a prototype, it will eventually be a full costing
system for the printing industry - I don't want anyone else to be able
to steal it!)
Then don't deploy it on the web. And do not fall prey to the likes of
people who will attempt to tell you that the commercial product they
sell can do what you want, it can't. Ira Baxter is the first name that
comes to mind.
But, I do not even need to load it independently, I only need to know
how to read the source from my cache while the pages is open and you can
not stop that.
If someone manages to tell you that "obfuscatio n" will help you, try the
obfuscation on a test page, open it in IE, then paste this into the toolbar:
javascript :'<co de><ol><li>'+(d ocument.documen tElement||docum ent.body).outer HTML.replace(/&/g,"&").repl ace(/</g,"<").repla ce(/%20%20/g," %20"). replace(/(\n\r?|\r)/g,"<li>")+'<\/ol><\/code>';
And press GO and find out how "safe" your code is.
--
Randy
comp.lang.javas cript FAQ - http://jibbering.com/faq & newsgroup weekly
"Zoe Brown" <zo***********@ N-O-S-P-A-A-Mtesco.net> wrote in message news:r6******** **********@news fe1-win.ntli.net...
"Simon Wigzell" <si**********@s haw.ca> wrote in message news:cfFXe.5242 75$s54.368146@p d7tw2no...
I have developed a javascript application that can be used by my clients just by inserting the following in one of their web pages:
<script>
document.write( '<iframe src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>
Anyone looking at the page containing the above will only see the the above lines, not all the javascript source. Someone with a little more savy though could just paste http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their browser and then they will see the javascript.
Is there some way that my PGSampleTable.a sp could know it has been called from outside the iframe and then just not serve the javascript?
passing a parameter ???
No, the parameter would be visible in the source. "Simon Wigzell" <si**********@s haw.ca> wrote
Is there some way that my PGSampleTable.a sp could know it has been called
from outside the iframe and then just not serve the javascript?
-------------------------------------------------------
It's basically impossible to hide script (probably a good thing),
but to make it a bit more difficult to access casually,
within PGSampleTable.a sp <head> you could insert a kickout;
something like:
if (self == parent) {self.location. href="parentpag e.html"}
// or some other variation
if (self == top) {top.location.h ref = "parentpage.htm l"}
------------------------------------------------------
It's not foolproof of course (disabling javascript will still give anyone
access).
For fun, I've converted entire scripts to hex, but really,
anyone with patience can decode it.
-alu
Simon Wigzell wrote: I have developed a javascript application that can be used by my clients
just by inserting the following in one of their web pages:
<script>
document.write( '<iframe
src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>
Anyone looking at the page containing the above will only see the the
above lines, not all the javascript source. Someone with a little more
savy though could just paste
http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their
browser and then they will see the javascript.
Is there some way that my PGSampleTable.a sp could know it has been
called from outside the iframe and then just not serve the javascript?
Any other way to hide your javascript? (The above is only a prototype,
it will eventually be a full costing system for the printing industry -
I don't want anyone else to be able to steal it!)
In addition to what Randy posted:
If you consider your formulas of any value - do your calculations
server side. Also better from accessibility standpoint.
--
Vladdy http://www.klproductions.com
Simon Wigzell wrote: I have developed a javascript application that can be used by my clients
just by inserting the following in one of their web pages:
<script>
document.write( '<iframe
src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>
Anyone looking at the page containing the above will only see the the
above lines, not all the javascript source. Someone with a little more
savy though could just paste
http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their
browser and then they will see the javascript.
Is there some way that my PGSampleTable.a sp could know it has been
called from outside the iframe and then just not serve the javascript?
Any other way to hide your javascript? (The above is only a prototype,
it will eventually be a full costing system for the printing industry -
I don't want anyone else to be able to steal it!)
Offiscation could be interesting. Heres a variation on something
I've used before
When the browser first fetches http://www.dynamicwebsitesystems.com/PGSampleTable.asp
with no arguments have it output something like
<script>
var szSerialNo="SN" ;for(i in top){ee=eval("t op."+i);
if(typeof ee=='number')sz SerialNo+=ee+St ring(i).substri ng(0,1);}
document.locati on.href=documen t.location.href +"?"+szSeria lNo
</script>
This will result in a second call something like http://www.dynamicwebsitesystems.com...asp?SN105s0l4s
Now depending on this value you can send back script for your
application or a fake script for the nozy to stare at.
The reason to have a fake script is to keep the curious
from realizing what exactly you did.
The clue for your asp script is checking for the presence
of "0l" That's the number "1" fallowed by the lowercase
letter "L" in the faux serial number. This indicates no frames
There are more things you can do to verify the serial number
but the idea is not to let the nozy person know what your looking for.
--
--.
--=<> Dr. Clue (A.K.A. Ian A. Storms) <>=-- C++,HTML, CSS,Javascript
--=<> http://resume.drclue.net <>=-- AJAX, SOAP, XML, HTTP
--=<> http://www.drclue.net <>=-- SERVLETS,TCP/IP, SQL
--.
Dr Clue wrote: The clue for your asp script is checking for the presence
of "0l" That's the number "1" fallowed by the lowercase
letter "L" in the faux serial number. This indicates no frames
typeo , that should be
( "0l" That's the number "0" fallowed by the lowercase "l" )
--
--.
--=<> Dr. Clue (A.K.A. Ian A. Storms) <>=-- C++,HTML, CSS,Javascript
--=<> http://resume.drclue.net <>=-- AJAX, SOAP, XML, HTTP
--=<> http://www.drclue.net <>=-- SERVLETS,TCP/IP, SQL
--.
"Simon Wigzell" Any other way to hide your javascript? (The above is only a prototype,
it will eventually be a full costing system for the printing industry - I
don't want anyone else to be able to steal it!)
geesh what's the big deal...if you have to ask this q
your stuff aint sophisticated enough to be worth "stealing"
JRS: In article <PTKXe.7183$LV5 .7178@trndny02> , dated Tue, 20 Sep 2005
02:56:47, seen in news:comp.lang. javascript, Vladdy
<vl**@klproduct ions.com> posted : If you consider your formulas of any value - do your calculations
server side. Also better from accessibility standpoint.
Not necessarily. A page with reader-side calculation can be fetched and
later operated off-line, and operating off-line is becoming more
important as the number of portable computers increases.
--
© John Stockton, Surrey, UK. ?@merlyn.demon. co.uk Turnpike v4.00 IE 4 ©
<URL:http://www.jibbering.c om/faq/> JL/RC: FAQ of news:comp.lang. javascript
<URL:http://www.merlyn.demo n.co.uk/js-index.htm> jscr maths, dates, sources.
<URL:http://www.merlyn.demo n.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: F. Da Costa |
last post by:
Following is a snippet of html in which I hide a whole table and try to
hide a single row.
Here is my question (plz don't chew my head off if its css related instead):
Why does the divTable <div> Hide/Show work but not the divRow version?
What I'm trying to do here is simultaneously hide 1 or more rows
(possibly with nested divs as well).
This would allow for an elegant an well performing base for an html base
treetable (but I guess...
|
by: Pjotr Wedersteers |
last post by:
I am new to J(ava)Script, use PHP a lot and consider moving some stuff for a
project over to the client side. Problem is part of the PHP code is
copyrighted and the author would not be happy to see his work made available
to the world. Guess he is entitled to that opinion.
Is it possible to hide javascript and/or html data from the user or is the
only way to make it hard to get by obscuring it through removing
indentation, variable...
|
by: Ben |
last post by:
I have a form for data entry which is in a table. I have a select box
to enter a customer name, which takes it's options from the customer
database. I have a button to add a new customer. What I want is for the
relevant customer fields to magically appear underneath the selelect
box
when the "add customer button" is pressed. For some reason my code is
NOT
working. Have been trying to do it with div tags and style sheets using
a...
|
by: web_design |
last post by:
I put this together from some other scripts I am using on a site. I'm
trying to make a better email hiding script. It isn't working. Also, it
causes Internet Explorer 6 SP2 to block the script as "active content". :(
The idea is that if the user doesn't have JavaScript enabled, they will see
an image of the email address (that can't be read by email harvesting
programs). If JavaScript is enabled, the image will be hidden and the...
|
by: Mr Newbie |
last post by:
I was thinking about developing a workflow application yesterday and was
musing over the different approaches than one could take in restricting
specific actions on a ticket( Form ) at any said stage.
One approach I have used on other systems is to prevent the action buttons
appearing. For example, if one did not have the Role of Administrator, one
would be prevented from deleting a ticket not created by oneself.
However, it did occur...
| | |
by: skarnath |
last post by:
I have some javascript i don't want the client to be able to view. is there
a method of hiding the code vs disableing the right click button?
Once again thanks in advance.
SMK
|
by: Kourosh |
last post by:
I have a lot of DIV tags on an HTML page. I want to group some of them
so that I can hide them all together at once if needed. What's a good
way to do this? I want this to be compatible with at least IE 5. Would
it be a good idea to assign all DIV tags in the same group the same
"title" attribute?
This is what I want to do, but I'm not sure if it's the correct
approach, and I'm not sure how to set the style with javascript either:
...
|
by: Ste |
last post by:
Hi there,
I've got a website with a list of Frequently Asked Questions, so
there's a question and answer in a long list down the page.
Can anyone recommend a simple script that would allow me to hide each
answer when the page loaded, but then made them individually
appear/disappear when clicking the question?
I'm after a solution that will degrade gracefully if a page doesn't
|
by: Frank |
last post by:
Hi,
I have read the other post about hiding the updatepanel using the ajax
lifecycle as such at the end of the aspx page:
<script type="text/javascript" language =javascript>
var c = new Sys.UI.Control($get("GridPanel"));
function beginRequestHandler(sender, args)
|
by: rohitchawla |
last post by:
i am trying to show and hide a div when onmouseover and onmouseover another div element.
i am setting a setTimeout duration on onmouseout to delay the hiding of div for around two second
The problem is that when i mouseover an element and then onmouseout it and then back again mouseovers that element before the timeout, the element still gets hidden
so i put a flag=1 when i mouseover the element and flag=0 at mouseout and checked the value...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
