I expect that there are probably ways for a determined end user to see your code, but I would prefer to hide it.
Ideally, I would like to be able to hide it from OTHERS, but not me, in case I need to debug a live system.
Any suggestions?
+6
A:
No. If the browser can "see" the source code, the user can see it too. There is no way to hide it.
CD
2009-09-05 18:39:41
+14
A:
No, the browser needs the HTML source to render the page. It's just one more step for the user to be able to view it. Period.
However, you can obfuscate it. Please think long and hard about why you need to do this, though. You'll probably find that this is not the correct solution.
Andrew Keeton
2009-09-05 18:40:08
Security through obscurity? :)
Mayo
2009-09-05 18:42:33
Which would definitely fit Andrew's assessment as being 'not the correct solution.'
David Thomas
2009-09-05 18:45:36
A:
It is not possible to hide HTML source from a end user since this source is response for the HTTP GET request from browser. But, you can encode/obfuscate the HTML code using Javascript; or you can disable right-click in a browser window using Javascript. But, these are not fool proof methods.
swatkat
2009-09-05 18:43:44
N.B. People absolutely ***hate it*** when you mess with their menus, right-click or otherwise.
Andrew Keeton
2009-09-05 18:45:30
In my experience, obfuscated Javascript can trigger virus alerts sometimes. They should never be used, for that reason alone :x
Matchu
2009-09-05 19:17:13
A:
you cant able to hide it from browser .
Edited : removed the script i have given
anishmarokey
2009-09-05 18:43:57
The linked script doesn't even catch the right-button key on the keyboard. For IE you should therefore add `<body onContextMenu="return false">`
0xA3
2009-09-05 19:04:17
+1
A:
As others have correctly said, you cannot hide either HTML, CSS, or JavaScript from the end user. You can just try to obfuscate it, but anyone who knows what he is doing will be able to reverse that easily.
A solution not mentioned here yet is to use Flash or Java applets instead of HTML. Naturally this has many drawbacks which I'm sure you are aware of yourself. And I'm not sure about the debugging possibilities. But that at least is quite difficult to decompile and it will allow you to do some things that you can't do with plain HTML/Javascript. Decide for yourself if this works for you or not.
Vilx-
2009-09-05 18:49:58
Yes, but it's in a compiled binary form. It will take substantial skill and knowledge to reverse it to something resembling the original code. And even that can be obfuscated, far better than HTML or JavaScript.
Vilx-
2009-09-05 20:36:09
+2
A:
I think you should consider what parts of it you actually wish to hide and why. If you don't want the user to be able to find out what your page is really doing, server-side code is probably the only option. Anything client-side like HTML or Javascript can and will be nosed into, obfuscated or not. And nobody likes it when you tinker with context menus.
CodeByMoonlight
2009-09-05 18:55:11
+2
A:
If you're looking to hide it in a completely stupid fashion from completely stupid people, this would always work:
<!-- <PGA_LOAD_MODULE> --!>
#include('page_assets232.pga', 'mode=webViewer', true, false, true, true);
#asset_load(232, true, false, true, true);
#asset_init(232, true, false, true, true);
#asset_paint(232, true, false, true, true);
#asset_display(232, true, false, true, true);
#final_render('mode=webViewer', 232);
<-- </PGA_LOAD_MODULE> -->
[a ton of line breaks]
<!DOCTYPE html>
<html>
<head>
[etc.]
I'm sure plenty of cheap-o amateurs would very easily assume that your fancy commands up at the top actually mean something and ignore the scrollbar. I'm sure that a similar amount won't be fooled whatsoever. But given that there isn't actually a "real" solution, tricking the idiots who would be out to steal your page design may actually be a decent answer.
Matchu
2009-09-05 19:11:42
Do you have an example of Google hiding their source? AFAIK and echoed on this thread hiding source is impossible.
ahsteele
2009-09-05 19:19:12
I meant garbling the source only guys... see gmail's source its json and javascript only...
Pushpinder
2009-09-06 11:22:32
+2
A:
This approach might slow down casual users from viewing source: use JQuery's load method (or corresponding call in the JavaScript library of your choice) to inject HTML into the DOM after the page has been loaded. When you view source, you won't see any of the loaded content in Firefox or IE. In order for you to view the source, you'll need to use a tool like Firebug which can display the current DOM tree. Of course if you can do that, other users can too... Also, there's nothing to prevent the user from viewing the URI of the load call and just requesting the page you're loading directly.
jalbert
2009-09-05 19:57:28
Also, you make your content invisible to non-JS user agents including search engines. Not really worth it when it's as simple to avoid as looking at document.documentElement.innerHTML.
bobince
2009-09-05 20:25:25
A:
Here's another solution that just came into my mind. If you set every possible no-cache no-store etc. HTML header you can find, some browsers will not allow you to view the source. This is because they don't save it to the disk, and somehow this disables their ability to show the source as well.
This is proven to work on Opera an IE. Not sure about FF/Chrome/Safari - test those yourself.
Note however that this is also trivial to bypass with any kind of HTTP debugging proxy (like Fiddler). Even the trivial javascript:alert(document.body.innerHTML) in the address bar will show almost everything. This only protects against hacker-wannabe script kiddies.
Vilx-
2009-09-05 20:43:28
I haven't seen the *View Source* command disabled on any site. Do you have an example website where this is the case? Anyway, I think as soon as you choose *File -> Save Page As* you will get an HTML file on disc.
0xA3
2009-09-05 21:07:21
Ditto. Sites where Back reloads the page are plenty, but I've never found somewhere I (a longtime Opera user) couldn't view the source.
CodeByMoonlight
2009-09-05 21:20:31
Hmm... can't reproduce it now... But I swear that I had seen this behaviour accidentally triggered at work and even had to work around it.
Vilx-
2009-09-06 09:21:39