tags:

views:

148

answers:

5
Q: 

How to hide precious HTML from user eyes ?

I am thinking to create an website that generates HTML through a wizard.
Finally, I want to make the users to buy the generated HTML source if they like what they see.

But I don't want to let the users to steal the HTML, CSS and JS that I use to create the effect they want.

I want a technique which is immune to Firebug and Right Click -> View Page Source.

Any thoughts ?

edit: I remember something about iframes or frameset, but I'm not sure how to fool the browser and Firebug to execute the code without updating their capability of showing that source code. A popup is also a possible solution.

edit 2: html hosted in silverlight ? will you use it ?

+2  A: 

http://www.encrypt-html.com/hide_html_source ... maybe it will help you

Jean-Christophe Fortin  2010-07-23 17:13:50
ROFL $40 to buy it???
animuson  2010-07-23 17:22:26
Why is this down voted? Just because it's a paid app (that is probably overpriced) is no reason to down vote a legit answer that points someone to a software package that may accomplish what they need.
AaronS  2010-07-23 17:30:44
@Aaron, it has nothing to do with the price. I downvoted because the package will *not* accomplish what they want, for the reasons already explained thoroughly (see Ben's comment, for a start).
Matthew Flaschen  2010-07-23 17:46:39
@Matthew, I do agree with Ben's comment, however IMHO if you're going to down vote an answer I think you should leave a comment as to why, especially since this software package does specifically state it would do what was asked in the original question.
AaronS  2010-07-23 17:54:10
+5  A: 

The best thing you can do is to just obfuscate your code. Trying to hide the source is not going to work (for ex: if you disable right click-> view source that doesn't stop them from using the menu or saving the page or using a shortcut key or writing an app to stream the http request into a file and open that, etc).

Firstly, depending on what you are doing you can have the HTML code loaded through JS after the page load (AJAX).

As far as your JS goes:
Free Obfuscator
Not Free Obfuscator

In the end though, there is no stopping someone who really wants to get that source. Even obfuscated code can be rebuilt (though it's hell on wheels painful depending on how good the obfuscator is).

myermian  2010-07-23 17:14:26
thanks, this seems to be the best solution for me. I already load my final code via AJAX, so, it will be simple to add another layer that obfuscate it.
pixel3cs  2010-07-23 17:21:35
"you can have the HTML code loaded through JS after the page load" This does essentially nothing. It is still trivial to use a tool like Firebug to dump the parsed DOM as HTML.
Matthew Flaschen  2010-07-23 17:28:48
I've never used Firebug to know it can do that. I guess the point I was driving at was that you can't hide your code, but you can distort it and layer it enough to make it a pain in the butt to reverse-engineer it though (not impossible, just a pain).
myermian  2010-07-23 17:37:22
A: 

To really protect the sample HTML from prying eyes, you'd need to render it on the server-side and only pass image data to the client. If you want the user to be able to interact with the sample as if it were a normal Web page, you'll also need to send their pointer and keyboard inputs to the server and update the displayed image when necessary. At that point, though, you're basically making an HTTP-based version of VNC. This is definitely possible, but I don't think it will be easy, and I doubt there are any existing software packages to let you do this. If I were you, I'd rethink my business model a bit.

bcat  2010-07-23 17:21:04
your solution works, and indeed, is the best if we think at it. but is too much for something that should be simple.
pixel3cs  2010-07-23 17:23:54
Oh, definitely. I don't expect you (or anyone else) to actually implement something so complicated. The cost of implementation would almost certainly outweigh an additional security it would provide.
bcat  2010-07-23 17:29:37
Why should it be simple? The web does not work this way, by design. There's not going to be any simple way to get around that.
T Duncan Smith  2010-07-23 17:31:34
A: 

Sending XSL-templated XML to the browser may be enough fool some, and it will work more or less the same in many modern browsers including IE6 (maybe even 5.5).

But really, trying to hide the HTML code isn't going to work if anyone halfway serious wants to get it.

no  2010-07-23 17:22:09
A: 

I am thinking to create an website that generates HTML through a wizard.
Finally, I want to make the users to buy the generated HTML source if they like what they see.

If this is what you need you might consider the possibility of creating a preview of the page as an image, and provide the download of the source only after the user agreed and paid. There is no magic way to let a browser display a code that you can't see.

kemp  2010-07-23 17:24:35

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?