hide source code after script finishes loading [duplicate]

Question 1

is it possible in javascript to hide the code after a script finishes loading

=> No

I think that removing the code would disable any interactive portions of a page leaving a static shell

=> You could remove the script tags from the html structure, but as the code has already been parsed your interactive portions would still work

is there something more clever that can be done in software regarding client side javascript

=> Accept that people can read your minified code and won't spend much time trying to decipher it, because they already have jQuery, backbone and other libraries anyway. Invest your precious time on a better vnext rather than trying to hide the current version.

Question 2

You can't hide all source code as browser needs it. Think how firebug or dom inspector works. If you change something, it affects what you see in the browser screen. But there are ways to make it "kinda invisible" or "almost unreadable". For example, if you use some development tools or scripts which build script on the fly.

Have a look at my site http://elmin.org and try to read the source code. As you see, you can't see much and even if you see, it is too complex to analyse or understand. In this case, google web toolkit is used.

As pointed out above, obfuscating your code is a solution, but it's not enough, because, although it is hard, but programmers could decipher your code and "steal" your script.

I would say one idea is to restrict access to your external js files from outside the page you embed your code in. So, if someone tries to access that file in browser, the access will be denied to the script source. In php or whatever serverside language you are using, you can control access by comparing the request_uri server variable to you domain.

But you should realize the risk of obfuscating your code. Just imagine it replaces a clearly readable JavaScript snippet:

window.onload = function() { alert("Hi " + username) };

by:

eval(unescape("var%20_0xc5b2%3D%5B%22onload%22%2C%22Hi%20%22%5D%3Bwindow"+
"%5B_0xc5b2%5B0%5D%5D%3Dfunction%20%28%29%7Balert%28_0xc5b2%5B1%5D+username"+
"%29%3B%7D%20%3B"));

The risk is many antivirus or other online protection software may warn your visitors that it is not safe as may not detect whether the javascript code there is attempting to do something harmful. So, it may fail the verification.

Question 3

The best you are going to get is using a minifier like UglifyJS. It will obfuscate the code and make it harder for people to read, but you cannot hide it. All your code is transferred in plain text to the browser so it can interpret it and no browser is going to prevent the user from seeing it.

Question 4

There is no way to hide the code after it has executed, but you can easily obfuscate it.

Question 5

It is just impossible... Or even if there is a way, it'll be a partial, because the only people who would be interested about your code are programmer... so they have just to load your page without executing js to get the sources... Sorry :/

~~"It will obfuscate the code and make it harder for people to read" Most of text editor or web-browser have syntax highlighting and indentation, so it's not a solution.~~ (I misunderstood) yes, it's a solution

Question 6

No.

That's why PHP has a major advantage in that sense - it is executed server side - so the viewer would never see the code that produced the end markup. But don't get me wrong PHP has it's own security issues such as MySQL Injection Attacks.