Hello,
I have a few questions regarding JavaScript obfuscation on client side.
First question: What is the best tool or best three tools which ones you could suggest for this operation?
Second question: How developers should debug such code (in example with firebug) when extreme situation appears in the production if the code is obfuscated?
P.S. - I know that it's bad practice to debug in production, but we had some emergencies and experienced sometimes such situations.
Thanks for any help!
I think IE8 javascript debugger (under the developer tools) actually re-indent/re-format your code so its readable again.
Not sure if this feature has been added to Firebug, haven't used it lately, but I really wanted this feature a while ago.
1) closure compiler with advanced optimizations
2) First double their pay, then show them jsbeautifier.org
1) If you are looking for obfuscation I would say JScrambler (www.jscrambler.com). They also have a comparison table on the site (jscrambler.com/index/features) that lists other well known javascript obfuscators.
2) For debugging you could use something like SpiderMonkey or Rhino (mozilla.org/js/spidermonkey/). Firebug (getfirebug.com) is very good to retrive the decoded source code when encoding is applied.
The SD ECMAScript Obfuscator retains a map of how it obfuscated your code. If you do client-side, obfuscated-code debugging, that map will tell which symbol in the original source is it actually referencing.
If you want to debug "nicely formatted" obfuscated code, you can get that from the ECMAScript Obfuscator, by first obfuscating (getting code with all layout lost), and then running back throught the obfuscator to prettyprint it (it has this option).
A third option is to generate the obfuscated code in "debugging" mode. The obfsucated result is identifcal to what the production obfuscation is, except that each scrambled variable is named "XXX". This makes understanding the code being debugged just as easy as the original, while validating that the obfuscation renaming is correct. After you've done your debugging, you simply re-obfuscate in production mode.