473,574 Members | 2,281 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Hiding my javascript

I have developed a javascript application that can be used by my clients just by inserting the following in one of their web pages:

<script>
document.write( '<iframe src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>

Anyone looking at the page containing the above will only see the the above lines, not all the javascript source. Someone with a little more savy though could just paste http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their browser and then they will see the javascript.

Is there some way that my PGSampleTable.a sp could know it has been called from outside the iframe and then just not serve the javascript?

Any other way to hide your javascript? (The above is only a prototype, it will eventually be a full costing system for the printing industry - I don't want anyone else to be able to steal it!)

Sep 19 '05 #1
13 1405

"Simon Wigzell" <si**********@s haw.ca> wrote in message news:cfFXe.5242 75$s54.368146@p d7tw2no...
I have developed a javascript application that can be used by my clients just by inserting the following in one of their web pages:

<script>
document.write( '<iframe src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>

Anyone looking at the page containing the above will only see the the above lines, not all the javascript source. Someone with a little more savy though could just paste http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their browser and then they will see the javascript.

Is there some way that my PGSampleTable.a sp could know it has been called from outside the iframe and then just not serve the javascript?

passing a parameter ???
Sep 19 '05 #2
Simon Wigzell said the following on 9/19/2005 4:32 PM:
I have developed a javascript application that can be used by my clients
just by inserting the following in one of their web pages:

<script>
document.write( '<iframe
src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>
And if JS is disabled or not present? Then the app is broken.
Anyone looking at the page containing the above will only see the the
above lines, not all the javascript source. Someone with a little more
savy though could just paste
http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their
browser and then they will see the javascript.
Yep, thats how the web works.
Is there some way that my PGSampleTable.a sp could know it has been
called from outside the iframe and then just not serve the javascript?
No.
Any other way to hide your javascript?
Delete it from your hard drive, delete it from your servers, then it
can't be seen. If it's on a website, it can be seen.

(The above is only a prototype, it will eventually be a full costing
system for the printing industry - I don't want anyone else to be able
to steal it!)


Then don't deploy it on the web. And do not fall prey to the likes of
people who will attempt to tell you that the commercial product they
sell can do what you want, it can't. Ira Baxter is the first name that
comes to mind.

But, I do not even need to load it independently, I only need to know
how to read the source from my cache while the pages is open and you can
not stop that.

If someone manages to tell you that "obfuscatio n" will help you, try the
obfuscation on a test page, open it in IE, then paste this into the toolbar:

javascript:'<co de><ol><li>'+(d ocument.documen tElement||docum ent.body).outer HTML.replace(/&/g,"&amp;").repl ace(/</g,"&lt;").repla ce(/%20%20/g,"&nbsp;%20"). replace(/(\n\r?|\r)/g,"<li>")+'<\/ol><\/code>';

And press GO and find out how "safe" your code is.

--
Randy
comp.lang.javas cript FAQ - http://jibbering.com/faq & newsgroup weekly
Sep 19 '05 #3

"Zoe Brown" <zo***********@ N-O-S-P-A-A-Mtesco.net> wrote in message news:r6******** **********@news fe1-win.ntli.net...

"Simon Wigzell" <si**********@s haw.ca> wrote in message news:cfFXe.5242 75$s54.368146@p d7tw2no...
I have developed a javascript application that can be used by my clients just by inserting the following in one of their web pages:

<script>
document.write( '<iframe src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>

Anyone looking at the page containing the above will only see the the above lines, not all the javascript source. Someone with a little more savy though could just paste http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their browser and then they will see the javascript.

Is there some way that my PGSampleTable.a sp could know it has been called from outside the iframe and then just not serve the javascript?

passing a parameter ???

No, the parameter would be visible in the source.
Sep 19 '05 #4
alu
"Simon Wigzell" <si**********@s haw.ca> wrote
Is there some way that my PGSampleTable.a sp could know it has been called

from outside the iframe and then just not serve the javascript?

-------------------------------------------------------
It's basically impossible to hide script (probably a good thing),
but to make it a bit more difficult to access casually,
within PGSampleTable.a sp <head> you could insert a kickout;
something like:
if (self == parent) {self.location. href="parentpag e.html"}

// or some other variation

if (self == top) {top.location.h ref = "parentpage.htm l"}

------------------------------------------------------

It's not foolproof of course (disabling javascript will still give anyone
access).
For fun, I've converted entire scripts to hex, but really,
anyone with patience can decode it.
-alu
Sep 20 '05 #5
Simon Wigzell wrote:
I have developed a javascript application that can be used by my clients
just by inserting the following in one of their web pages:

<script>
document.write( '<iframe
src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>

Anyone looking at the page containing the above will only see the the
above lines, not all the javascript source. Someone with a little more
savy though could just paste
http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their
browser and then they will see the javascript.

Is there some way that my PGSampleTable.a sp could know it has been
called from outside the iframe and then just not serve the javascript?

Any other way to hide your javascript? (The above is only a prototype,
it will eventually be a full costing system for the printing industry -
I don't want anyone else to be able to steal it!)

In addition to what Randy posted:
If you consider your formulas of any value - do your calculations
server side. Also better from accessibility standpoint.

--
Vladdy
http://www.klproductions.com
Sep 20 '05 #6
Simon Wigzell wrote:
I have developed a javascript application that can be used by my clients
just by inserting the following in one of their web pages:

<script>
document.write( '<iframe
src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>

Anyone looking at the page containing the above will only see the the
above lines, not all the javascript source. Someone with a little more
savy though could just paste
http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their
browser and then they will see the javascript.

Is there some way that my PGSampleTable.a sp could know it has been
called from outside the iframe and then just not serve the javascript?

Any other way to hide your javascript? (The above is only a prototype,
it will eventually be a full costing system for the printing industry -
I don't want anyone else to be able to steal it!)


Offiscation could be interesting. Heres a variation on something
I've used before

When the browser first fetches
http://www.dynamicwebsitesystems.com/PGSampleTable.asp
with no arguments have it output something like

<script>
var szSerialNo="SN" ;for(i in top){ee=eval("t op."+i);
if(typeof ee=='number')sz SerialNo+=ee+St ring(i).substri ng(0,1);}
document.locati on.href=documen t.location.href +"?"+szSeria lNo
</script>

This will result in a second call something like
http://www.dynamicwebsitesystems.com...asp?SN105s0l4s

Now depending on this value you can send back script for your
application or a fake script for the nozy to stare at.

The reason to have a fake script is to keep the curious
from realizing what exactly you did.

The clue for your asp script is checking for the presence
of "0l" That's the number "1" fallowed by the lowercase
letter "L" in the faux serial number. This indicates no frames

There are more things you can do to verify the serial number
but the idea is not to let the nozy person know what your looking for.

--
--.
--=<> Dr. Clue (A.K.A. Ian A. Storms) <>=-- C++,HTML, CSS,Javascript
--=<> http://resume.drclue.net <>=-- AJAX, SOAP, XML, HTTP
--=<> http://www.drclue.net <>=-- SERVLETS,TCP/IP, SQL
--.
Sep 20 '05 #7
Dr Clue wrote:
The clue for your asp script is checking for the presence
of "0l" That's the number "1" fallowed by the lowercase
letter "L" in the faux serial number. This indicates no frames


typeo , that should be

( "0l" That's the number "0" fallowed by the lowercase "l" )

--
--.
--=<> Dr. Clue (A.K.A. Ian A. Storms) <>=-- C++,HTML, CSS,Javascript
--=<> http://resume.drclue.net <>=-- AJAX, SOAP, XML, HTTP
--=<> http://www.drclue.net <>=-- SERVLETS,TCP/IP, SQL
--.
Sep 20 '05 #8

"Simon Wigzell"
Any other way to hide your javascript? (The above is only a prototype,
it will eventually be a full costing system for the printing industry - I

don't want anyone else to be able to steal it!)

geesh what's the big deal...if you have to ask this q
your stuff aint sophisticated enough to be worth "stealing"


Sep 20 '05 #9
JRS: In article <PTKXe.7183$LV5 .7178@trndny02> , dated Tue, 20 Sep 2005
02:56:47, seen in news:comp.lang. javascript, Vladdy
<vl**@klproduct ions.com> posted :
If you consider your formulas of any value - do your calculations
server side. Also better from accessibility standpoint.


Not necessarily. A page with reader-side calculation can be fetched and
later operated off-line, and operating off-line is becoming more
important as the number of portable computers increases.

--
© John Stockton, Surrey, UK. ?@merlyn.demon. co.uk Turnpike v4.00 IE 4 ©
<URL:http://www.jibbering.c om/faq/> JL/RC: FAQ of news:comp.lang. javascript
<URL:http://www.merlyn.demo n.co.uk/js-index.htm> jscr maths, dates, sources.
<URL:http://www.merlyn.demo n.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.
Sep 20 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

8
23974
by: F. Da Costa | last post by:
Following is a snippet of html in which I hide a whole table and try to hide a single row. Here is my question (plz don't chew my head off if its css related instead): Why does the divTable <div> Hide/Show work but not the divRow version? What I'm trying to do here is simultaneously hide 1 or more rows (possibly with nested divs as well)....
8
3115
by: Pjotr Wedersteers | last post by:
I am new to J(ava)Script, use PHP a lot and consider moving some stuff for a project over to the client side. Problem is part of the PHP code is copyrighted and the author would not be happy to see his work made available to the world. Guess he is entitled to that opinion. Is it possible to hide javascript and/or html data from the user or...
5
2155
by: Ben | last post by:
I have a form for data entry which is in a table. I have a select box to enter a customer name, which takes it's options from the customer database. I have a button to add a new customer. What I want is for the relevant customer fields to magically appear underneath the selelect box when the "add customer button" is pressed. For some reason...
4
5180
by: web_design | last post by:
I put this together from some other scripts I am using on a site. I'm trying to make a better email hiding script. It isn't working. Also, it causes Internet Explorer 6 SP2 to block the script as "active content". :( The idea is that if the user doesn't have JavaScript enabled, they will see an image of the email address (that can't be...
22
2160
by: Mr Newbie | last post by:
I was thinking about developing a workflow application yesterday and was musing over the different approaches than one could take in restricting specific actions on a ticket( Form ) at any said stage. One approach I have used on other systems is to prevent the action buttons appearing. For example, if one did not have the Role of...
5
1175
by: skarnath | last post by:
I have some javascript i don't want the client to be able to view. is there a method of hiding the code vs disableing the right click button? Once again thanks in advance. SMK
24
5836
by: Kourosh | last post by:
I have a lot of DIV tags on an HTML page. I want to group some of them so that I can hide them all together at once if needed. What's a good way to do this? I want this to be compatible with at least IE 5. Would it be a good idea to assign all DIV tags in the same group the same "title" attribute? This is what I want to do, but I'm not sure...
12
1916
by: Ste | last post by:
Hi there, I've got a website with a list of Frequently Asked Questions, so there's a question and answer in a long list down the page. Can anyone recommend a simple script that would allow me to hide each answer when the page loaded, but then made them individually appear/disappear when clicking the question? I'm after a solution that...
0
1722
by: Frank | last post by:
Hi, I have read the other post about hiding the updatepanel using the ajax lifecycle as such at the end of the aspx page: <script type="text/javascript" language =javascript> var c = new Sys.UI.Control($get("GridPanel")); function beginRequestHandler(sender, args)
17
1999
by: rohitchawla | last post by:
i am trying to show and hide a div when onmouseover and onmouseover another div element. i am setting a setTimeout duration on onmouseout to delay the hiding of div for around two second The problem is that when i mouseover an element and then onmouseout it and then back again mouseovers that element before the timeout, the element still gets ...
0
7715
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
8041
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
1
7806
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
8093
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
5296
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3739
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
1
2233
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1333
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
1053
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.