Is there a way to stop people from being able to download the script to their computer and then viewing the source?
You can go to www.mysite.com/thescript.js and I have to option to open or download. If I open it will say some error in windows, and if I save it does save. Then I can open it in notepad and view the entire source! :eek:

Any help would be appreciated :cool:

There is no way to stop people from viewing your source...

alright... just wondered :)

Something to think about:

You could put a huge I Frame in your index file, and all your pages and stuff with be viewed through it, so that when someone tries to view your source code, all they get is the code for the I Frame. Everything should work the way it's supposed to. You might have to make a few small changes, but it should work...I'm not actually sure if this will work perfectly. But I thought of it as I was reading this.

Except that with certain browsers (Mozilla, at least) you can right-click on the iframe and click "View frame source". And even if you block right-click there are other ways...

As Pyro said, there is no way to stop people viewing your source.

Adam

Can you not just disable right click? It will deter most people.
I presume this goes in the head tag...can anyone confirm?


function disableRightClick(e)
{
var message = "Right click disabled";

if(!document.rightClickDisabled) // initialize
{
if(document.layers)
{
document.captureEvents(Event.MOUSEDOWN);
document.onmousedown = disableRightClick;
}
else document.oncontextmenu = disableRightClick;
return document.rightClickDisabled = true;
}
if(document.layers || (document.getElementById && !document.all))
{
if (e.which==2||e.which==3)
{
alert(message);
return false;
}
}
else
{
alert(message);
return false;
}
}
disableRightClick();

two things:
1) that last code for the no right click has an easy escape to it: you just right click, press the spacebar and right click again.
this script has a higher defense to it and is much less likely to fail on you. also, this script avoids using the annoying and 'unprofessional' alert msg.

<html>
<head>
<script type="text/javascript">
var no="";
function clickIE() {if (document.all) {(no);return false;}}
function clickNS(e) {if
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(no);return false;}}}
if (document.layers)
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}

document.oncontextmenu=new Function("return false")
</script>
</head>
<body onclick="clickIE(); clickNS()">
...Blah...
</body>
</html>


2) heres a script i found somewhere that you simply save as an html doc on your desktop, open it up, insert your code into the displayed textarea, press "Encrypt", and then copy and paste the output.
the only problem is, it can only encrypt pure html, no javascript scripts(you can still call functions and etc) or css or php or whatever.

now, what i suggest you to do is to apply the 2 scripts i gave you to your pages, and then, link your pages to your external files. that way, your external files wont be protected, but instead, their location and name will simply be hidden within the encrypted source code.
also, another note about the encryptor: you do not have to save the encryptor to your server at all. the encryptor pretty much just removes all un-needed whitespace, then converts all of your text into pure javascript, then changes every special character to an equivalent unfamiliar to people, but parsed equally by the users browser. but just take a look at your code after you encrypt it and youll see what i mean.

well, enjoy the provided

hope it helps!

sorry for double-posting:

i just tested something out, and it turns out, with the encryptor, you can encrypt any type of language or syntax as long as its not an external file. in other words, no matter what you put into your HTML doc, you can encrypt it and successfully use it.
i guess i most likely instead of linking your pages to external files, include them within your html and encrypt it completely. i would suggest this because it when your encrypt the HTML with the linked <script /> tag, you can clearly see the filename and path if you look hard enough. so, if you instead, include your scripts within your HTML doc, you can successfulyy hide most if not all of it, for your javascript code will most likely have more special characters and numbers than it will text.

As this is a javascript forum I assume you want to hide your javascript code, rather than your html.

If you put your javascript code in an include file, and put the include file in a directory which cannot be browsed, how can a user view your code?

There's a flaw in that plan...

If you put your javascript code in a directory that can't be browsed, the users won't even be able to run it.

Speaking of flaws... in the code that xataku_nakusute posted, all one needs to do is run the string through an unescape sequence. This will decrypt the code that the shoddy encrypter he posted makes:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Decrypter</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script type="text/javascript">
function decrypt(frm) {
frm.text.value = unescape(frm.text.value);
}
</script>
</head>

<body>
<form action="">
<p><textarea rows="10" name="text" cols="50" style="width: 95%;"></textarea><br>
<input type="button" value="Decrypt" onclick="decrypt(this.form);"></p>
</form>
</body>
</html>Not exactly complicated...

Also, try disabling the right click in Opera and let me know how far you get...

It is actually possible to encrypt your code using Microsoft's Script Encoder (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/SeconScriptEncoderOverview.asp), but that will make your pages accessible only to users of recent versions of Internet Explorer. It is not possible to make code both accessible and protected from copying - even if you encrypt it using Javascript, you still have to decrypt it and that means the code can be extracted by a knowledgeable user. The only true defense against a determined copier is copyright law.

Adam

there is absoloutely no way you can prevent the viewing of a source, encrypted or not.

winhttrack (http://www.httrack.com/) allows users to download entire websites.

there is no getting around encrypting your page, because instant source (www.blazingtools.com/is.html) claims it can get html even generated by javascript:
<b>hi
<script>
document.write(" there!</b>");
</script>

would read "<b>hi there!</b>" in instant source.

This script (http://javascript.internet.com/page-details/source-viewer.html) demonstrates by adding "view-source:" to the front of a URL opens the source of the URL in a new window:
view-source:http://forums.webdeveloper.com

If you are afraid of people taking your code, find another media becides HTML, or don't publish it at all.

Also, even if you did add a no right click script to your page, it would attract people who want to steal HTML to your page.

Case Closed

xataku_nakusute:
un-encrypting that is easy.
there are thousands of scripts like that, taking advantage of the escape() and unescape() functions. To encrypt the HTML, that script only runs it through the escape() function. And the function really does not encrypt it, it only replaces special chars with their code numbers (http://hotwired.lycos.com/webmonkey/reference/special_characters/).