473,324 Members | 2,193 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

Hide javascript source using php

Sorry, I'm a newbie to php ;)

I was thinking about using php to write the script file, something
like:

<script type="text/javascript"
src="http://insert_url_here.com/myScript.php"></script>

The php file then echo'ing the source code. If that works then how can
I stop the php file being loaded directly, that is the user browsing
to http://insert_url_here.com/myScript.php and seeing the source. I
only want it to write the source when it is called through the script.

Any help is much appreciated...
Jul 17 '05 #1
10 11997
On 3 Jun 2004 15:34:52 -0700, ch**********@yahoo.co.uk (Mark) wrote:
I was thinking about using php to write the script file, something
like:

<script type="text/javascript"
src="http://insert_url_here.com/myScript.php"></script>

The php file then echo'ing the source code. If that works then how can
I stop the php file being loaded directly, that is the user browsing
to http://insert_url_here.com/myScript.php and seeing the source. I
only want it to write the source when it is called through the script.


If you're doing this in the name of security, surely this is pretty futile,
even if it could be done reliably. The browser will need to download the
Javascript to run it, therefore the source is available to the user.

--
Andy Hassall <an**@andyh.co.uk> / Space: disk usage analysis tool
http://www.andyh.co.uk / http://www.andyhsoftware.co.uk/space
Jul 17 '05 #2
Regarding this well-known quote, often attributed to Mark's famous "3 Jun
2004 15:34:52 -0700" speech:
Sorry, I'm a newbie to php ;)

I was thinking about using php to write the script file, something
like:

<script type="text/javascript"
src="http://insert_url_here.com/myScript.php"></script>

The php file then echo'ing the source code. If that works then how can
I stop the php file being loaded directly, that is the user browsing
to http://insert_url_here.com/myScript.php and seeing the source. I
only want it to write the source when it is called through the script.

Any help is much appreciated...


The only way I can think of to do this is a clunky and over-the-top, but it
should work for most uses: Using a one-time key.

1. Make sure nothing caches. Add every "Never Cache Me!" header you can
think of to the JS/PHP file and the calling file.

2. Whenever the calling file is run, it generates a random key, and writes
it to a file or database. Say it's "asdboibo29h9q".

3. The javascript is called like <script type="text/javascript"
src="scriptme.php?key=asdboibo29h9q">

4. The PHP in scriptme.php checks to see if that key exists. If it does, it
is deleted. If not, the "Keep off my script" message is all they get.
This has a few problems:

It can be subverted by someone turning off JavaScript, then typing the URL
from the script tag in their browser. Since the script was never
downloaded, the key is not expired. They get the script. Also, someone
manually retrieving files from the server, or using a non-browser utility
could get the script. It's foolproof, but quite a few people past the
"fool" stage could still get at it.

Also, if the calling page gets cached, the script will fail to load, since
the same key will be used twice. You could make the "alternate" JavaScript
code deal with this somehow, I suppose, by gracefully failing, or trying to
reload a new key.

--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Jul 17 '05 #3
ch**********@yahoo.co.uk (Mark) wrote in message news:<6c*************************@posting.google.c om>...
Sorry, I'm a newbie to php ;)

I was thinking about using php to write the script file, something
like:

<script type="text/javascript"
src="http://insert_url_here.com/myScript.php"></script>

The php file then echo'ing the source code. If that works then how can
I stop the php file being loaded directly, that is the user browsing
to http://insert_url_here.com/myScript.php and seeing the source. I
only want it to write the source when it is called through the script.


As phpSt.Andy said, there is no bullet-proof solution to hide JS as
it is client-side and the code is required to run.

Anyway, it seems you're looking for the solution just like
"hotlinking". Just do a Google search on "hotlinking", you'll find
number of solutions usually for the images--which can be taken for JS
too. Similar one is here
<http://www.htmlcenter.com/tutorials/tutorials.cfm/159/PHP/>

In simpler terms the logic is:
1. Set a session variable aka flag in a main script
2. Check the presence of the flag in a on the fly JS creating PHP code
3. Add no-cache headers in on the fly JS creating PHP code--so that
the code is not get stored in temp folders.

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
Jul 17 '05 #4
Thank you for the responses.

It is not so much that I want to hide the source, but rather I want to
track where it is being used. So thats why I thought of PHP, when the
file is requested it can log that info. Hiding the source was just
something else which I though would be useful, otherwise people could
just copy the code and upload it elsewhere without me being able to
track the script's use.

P.S. I have also found this here:
http://groups.google.com/groups?selm....earthlink.net
Jul 17 '05 #5
In article <6c**************************@posting.google.com >, Mark wrote:
Thank you for the responses.

It is not so much that I want to hide the source, but rather I want to
track where it is being used. So thats why I thought of PHP, when the
file is requested it can log that info. Hiding the source was just
something else which I though would be useful, otherwise people could
just copy the code and upload it elsewhere without me being able to
track the script's use.


As soon someone saves the output of your script (thus the actual
JavaScript code, it will be hard to track it down, if not impossible,
where it's used next).

--
Tim Van Wassenhove <http://home.mysth.be/~timvw/contact.php>
Jul 17 '05 #6
Mark wrote:

otherwise people could just copy the code and upload it
elsewhere without me being able to track the script's use.


They can, you can't track or control it, and attempting to do so is a
waste of your time. However, *learning* that this is a waste of your
time is not a waste of your time, so go right ahead. Eventually you'll
realize that you are tilting at windmills, and you'll be wiser for the
experience.

bblackmoor
2004-06-04
Jul 17 '05 #7
ch**********@yahoo.co.uk (Mark) wrote in message news:<6c**************************@posting.google. com>...
Thank you for the responses.

It is not so much that I want to hide the source, but rather I want to
track where it is being used. So thats why I thought of PHP, when the
file is requested it can log that info. Hiding the source was just
something else which I though would be useful, otherwise people could
just copy the code and upload it elsewhere without me being able to
track the script's use.

P.S. I have also found this here:
http://groups.google.com/groups?selm....earthlink.net


I guess, few possibilities to hack this system:

1. A PHP code using cURL functions
2. A sniffer
3. Browser masquerade techniques

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
Jul 17 '05 #8
"R. Rajesh Jeba Anbiah" <ng**********@rediffmail.com> wrote in message
news:ab**************************@posting.google.c om...
ch**********@yahoo.co.uk (Mark) wrote in message news:<6c**************************@posting.google. com>...
Thank you for the responses.

It is not so much that I want to hide the source, but rather I want to
track where it is being used. So thats why I thought of PHP, when the
file is requested it can log that info. Hiding the source was just
something else which I though would be useful, otherwise people could
just copy the code and upload it elsewhere without me being able to
track the script's use.

P.S. I have also found this here:

http://groups.google.com/groups?selm....earthlink.net
I guess, few possibilities to hack this system:

1. A PHP code using cURL functions
2. A sniffer
3. Browser masquerade techniques


The browser is always ready to caugh up the HTML content/Javascript code, so
any protection scheme is bound to fail.

To get the source to all functions (Netscape only):

javascript:f=[];for(name in
window){obj=window[name];if(typeof(obj)=='function'){f.push(obj);}}j=docum en
t.createElement('TEXTAREA');j.value=f.join('\n');d ocument.body.appendChild(j
);void(0)

To get the content:

javascript:a=document.createElement('TEXTAREA');do cument.body.appendChild(a)
;a.value=document.getElementsByTagName('HTML')[0].outerHTML;void(0);
Jul 17 '05 #9
"Chung Leong" <ch***********@hotmail.com> wrote in message news:<TP********************@comcast.com>...
"R. Rajesh Jeba Anbiah" <ng**********@rediffmail.com> wrote in message
news:ab**************************@posting.google.c om...
ch**********@yahoo.co.uk (Mark) wrote in message

news:<6c**************************@posting.google. com>...

[...]
P.S. I have also found this here:

http://groups.google.com/groups?selm....earthlink.net

I guess, few possibilities to hack this system:

1. A PHP code using cURL functions
2. A sniffer
3. Browser masquerade techniques


The browser is always ready to caugh up the HTML content/Javascript code, so
any protection scheme is bound to fail.

To get the source to all functions (Netscape only):

javascript:f=[];for(name in
window){obj=window[name];if(typeof(obj)=='function'){f.push(obj);}}j=docum en
t.createElement('TEXTAREA');j.value=f.join('\n');d ocument.body.appendChild(j
);void(0)

To get the content:

javascript:a=document.createElement('TEXTAREA');do cument.body.appendChild(a)
;a.value=document.getElementsByTagName('HTML')[0].outerHTML;void(0);


Sounds like you're talking about "View Rendered Source"
<http://billfriedrich.tripod.com/index.html?Web>

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
Jul 17 '05 #10
Your php script will simply output a web page, in this case the Javascript
code.

If your goal is to hide the Javascript code, PHP is of no help there.

Imagine the output from PHP as a static file (whether it contains HTML or
Javascript or just plain text).

If you cannot somehow hide such imaginary file from being viewed directly,
you cannot do it with PHP either.

That said, outside PHP there are various means to hide HTML-source and with
a little messing with them you could also hide the link to the PHP script
that outputs the Javascript code. But as far as I know, none of those "hide
source" things work 100%. Somehow, someone will always be able to view the
source.

In conclusion, this is not a PHP issue.

-Jani
"Mark" <ch**********@yahoo.co.uk> wrote in message
news:6c*************************@posting.google.co m...
Sorry, I'm a newbie to php ;)

I was thinking about using php to write the script file, something
like:

<script type="text/javascript"
src="http://insert_url_here.com/myScript.php"></script>

The php file then echo'ing the source code. If that works then how can
I stop the php file being loaded directly, that is the user browsing
to http://insert_url_here.com/myScript.php and seeing the source. I
only want it to write the source when it is called through the script.

Any help is much appreciated...

Jul 17 '05 #11

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: Mark | last post by:
Hi - I have a function which shows/hides a <div> on my page - this appears to oinly work in IE, but I also need it to work in Netscape 7.1. My function is in my head: function openIt(faq) {...
9
by: sergio | last post by:
Hi all, I have created the following script that will show/hide a menu based on checkboxes. It works fine in Opera but not on IE6! Does anybody knows a workaround this problem? Thanks for your...
19
by: dmiller23462 | last post by:
Hi guys....I have absolutely NO IDEA what I'm doing with Javascript but my end result is I need two text boxes to stay hidden until a particular option is selected....I've cobbled together the...
13
by: Fernando Fernández | last post by:
Hi people :)) I am Fernando and I have made a web application with HTML and JavaScript. Now I would like to hide the source code, or at least my JavaScript source code. Is it possible? is there...
5
by: dje | last post by:
In the OnClick event on a radioButtonList, I run a javascript to show/hide the appropriate div along with a submit button, which displays as expected. The problem is the submit no longer works on...
3
by: toodi4 | last post by:
I'm using a javascript that hides and unhides text based on a button click. It works great across static fields on a form. The problem I have is that I'm trying to hide and unhide various fields...
8
by: Ciaran | last post by:
I have a piece of code that I'd rather google's spider did not follow. Is this possible please?
47
by: SOLAV | last post by:
This is the only working way to completely hide your JavaScript code from the client just like PHP or ASP code. Here we'll need the help of PHP. Here is the code: index.php...
2
by: dusk | last post by:
Hi, I have a page with lots of hidden divs which are revealed based on choices made at each 'layer'. So I've used naming convention which represents the order in which each div becomes...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.