I wanted to hide some business logic and make the variables inaccessible. Maybe I am missing something, but if somebody can read the JavaScript they can also add their own and read my variables. Is there a way to hide this stuff?

+1  A: 

You could encrypt it so no one can read it.

For example

http://daven.se/usefulstuff/javascript-obfuscator.html

Tom
That's not encryption.
Crescent Fresh
+1  A: 

That's one of the downsides of using a scripting language - if you don't distribute the source, nobody can run your scripts!

You can run your JS through an obfuscator first, but if anyone really wants to figure out exactly what your code is doing, it won't be that much work to reverse-engineer, especially since the effects of the code are directly observable in the first place.

Mark Rushakoff
that first sentence takes the cake
shogun
A: 

You must always validate the data you send back. I've had a rather entertaining time playing pranks on a forum I'm a mod of by manipulating the pages with the Web Developer Toolbar. Whether or not you obfuscate it, always assume that data coming to the server has been intentionally manipulated. Only after you prove it hasn't (or verify the user has permission to act) do you handle the request.

280Z28
+1  A: 

JavaScript cannot be compiled, that is, it is still JavaScript.

But, there's this: http://dean.edwards.name/packer/

Generally, this is used to reduce the code footprint of the JavaScript, if say your script is being downloaded thousands of times per minute. There are other methods to accomplish this, but as for hiding the code this sort of works.

Granted, the code can be unpacked. This will keep out a novice but anyone who is determined to read your source code will find a way.

It is even this way with compiled languages, even when they have been obfuscated. It's impossible to hide your code 100% of the time -- if it executes on your machine, it can be read by a determined hacker.

Carson Myers
Actually, if you do it as a FF extension .....
Itay Moav
+3  A: 

Any code which executes on a client machine is available to the client. Some forms of code are harder to access, but if someone really wants to know what's going on, you have no way to stop them.

If you don't want someone to find out what code is being run, do it on a server. Period.

Amber
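
The server-side approach from 280Z28's and Amber's answers, as an added example that is not part of the original thread: the pricing rule (the "business logic") lives only on the server, and the handler recomputes the result from its own data instead of trusting anything the page's script sent. The handler name, the price list, the accounts and the request fields are all constructed for illustration.

```javascript
// Constructed sample data. The price list and discount rule stay on the
// server and are never shipped to the browser.
const PRICES = new Map([["sku-100", 1999], ["sku-200", 4500]]); // cents
const ACCOUNTS = new Map([["alice", { tier: "gold" }], ["bob", { tier: "basic" }]]);

// The hidden business rule: gold accounts get 15%, bulk orders get 5%.
function discountPercent(tier, quantity) {
  if (tier === "gold") return 15;
  return quantity >= 10 ? 5 : 0;
}

// handleOrder is a hypothetical handler. `session` comes from the server's
// own session store; `body` is the untrusted JSON the browser sent.
function handleOrder(session, body) {
  // Verify the user has permission to act before looking at the request.
  const account = ACCOUNTS.get(session && session.user);
  if (!account) return { status: 401, error: "not authenticated" };

  // Validate the type and range of every client-supplied field we use.
  const { sku, quantity } = body ?? {};
  if (typeof sku !== "string" || !PRICES.has(sku)) {
    return { status: 400, error: "unknown sku" };
  }
  if (!Number.isInteger(quantity) || quantity < 1 || quantity > 100) {
    return { status: 400, error: "bad quantity" };
  }

  // Recompute the total from server-side data only. Fields such as
  // body.total, body.discount or body.tier are never read, so editing
  // them in the browser changes nothing.
  const pct = discountPercent(account.tier, quantity);
  const total = Math.round((PRICES.get(sku) * quantity * (100 - pct)) / 100);
  return { status: 200, user: session.user, sku, quantity, total };
}
```

The browser receives only the computed total, so reading or modifying the page's JavaScript reveals neither the price table nor the discount rule.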