Is it possible to hide or scramble/obfuscate the javascript code of a webpage?

StackOverflow https://stackoverflow.com/questions/734561

  •  09-09-2019
  •  | 
  •  

Question

I understand that client side code must be readable from the browser but I wonder (since there are too many things that I ignore) if there are ways to obfuscate to code to the end user and, if not what is the best practice to "pack" the javascript code.

Was it helpful?

Solution

It is good practice to minify your JS with a tool such as YUI Compressor. I would not obfuscate it unless you have a specific need to do this. There are plenty of online obfuscators such as this one

See this article: http://developer.yahoo.net/blog/archives/2007/07/high_performanc_8.html

OTHER TIPS

Check this out.

Other than min'ing it, I don't think you can really hide js. It all goes the user's browser and there are plenty of ways of seeing it once its there.

See here for a Free Javascript Obfuscator.

Given that it is in fact possible, if the reason you intend to obfuscate is to protect intellectual property, you are probably trying to derive value from your work the wrong way. It's fairly easy to reverse the obfuscation, and you would probably be wasting time maintaining your code.

Focus more on what services you intend to provide to those who visit your site as a means to differentiate your site from competitors

There are tools that could be used to compress javascript code and render it difficult for the end user to understand.

Is there a reason why this won't do the trick for you?

http://www.javascriptobfuscator.com/

Do not put any sensitive or personal information in javascript.

Spend your time on keeping your data on the server secure.

Step 1: Don't.

You would have to do a lot to achieve any meaningful level of obfuscation. Obfuscating the names alone is not enough, since all of the standard functions will still be there (although they may be buried in a layer of shorter/obfuscated aliases), and deriving the purpose of a particular function is easy once the code is formatted nicely again. Anybody who really wants to know what your JS code does can, and will, no matter what you do to it before their browser gets a copy of it.

If you truly have valuable business processes in your JavaScript, then you're Doing It Wrong(tm).

No obfuscation is going to keep your code truly secure and it might just give you the false illusion of security (cf. security by obscurity).

If you do need to keep some portion of your code secret, consider pulling the sensitive portions into a server side script and making (say) AJAX calls to the script. Especially with the advent of JSON, communicating with server-side scripts has never been easier.

It is possible to use following tools:

  • YUI Compressor - requires Java - very good compressor

  • Packer - creates the most confusing, and smallest code, but scripts don't run as fast as YUI - this can be used online though. Select 'Base62 encode' for maximum effect.

  • The Dojo Compressor I've never used this one, but it's on the top-list. It also requires Java.

  • JSMIN By Douglas Crockford, this one has a very simple algorythm, but it is still good. Meant to be used in combination with JSLint.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top