I'm working on a mvc application (applies to any website though) and was wondering is it ok to leave exposed jquery and javascript in a view? In other words when i run the program and right click and view source I can see all my jquery and javascript. Is that safe and ok? Is there a way to hide all of that so users can't see that? Thanks for any tips.
-
1Well the most that you can do, at least for I know it's minimize the javascript. But this not hide the contains just generate's a code which cannot be read easily for human, and the goal for this it's improve the responses times of your applicationJorge– Jorge2012-10-06 21:36:51 +00:00Commented Oct 6, 2012 at 21:36
-
1It's how the web works, nothing you can do about it. Obfuscating is useless IMO, minification is ok.elclanrs– elclanrs2012-10-06 21:37:50 +00:00Commented Oct 6, 2012 at 21:37
Add a comment
|
8 Answers
There is no way of hiding javascript completely from the user. JavaScript is a client side technology. It executes in the browser. If the browser can execute the script, it can also show it to the user.
You can use JavaScript obfuscator software to make the code harder to read, but you can never hide it completely. See http://www.javascriptobfuscator.com/default.aspx for an online example of this.
JQuery and other libraries are also publicy available so there is no harm in the user being able to access it. There is nothing secret about them.
If you have secrets in the code that you want to protect, you should think about putting the affected code on the server if possible instead of doing the processing on the client.
Comments
To make it harder for the interested spy to read you can put your scripts inside .js files and obfuscate them. See How can I obfuscate (protect) JavaScript? for more information.
Comments
Javascript is is executed on the client, so no there's not really anything you can do to hide it from the client. All you can really do is make it more difficult for a user to read through your code via obfuscation.
Comments
What your are looking for is Obfuscation.
There are very different opinions on why you should or shouldn't use it with Javascript.
Comments
Nope, you cannot hide your JS - remember that the JS is client side scripting and has to be executable at the client which implies that the browser must have access to it. And when the browser has access to it - the user can see it as well :)
Comments
Hiding isn't possible, all your JavaScript is needed client side to make your website functional. However you can obfuscate you JavaScript, in other words make in more ugly so nobody can really understand your code, but the browser will.
To obfuscate you javascript code take a look at:
Comments
hey you can do one thing onload call an action of server side through Ajax call into by returning javascript it will never show in your view source but it can be visible by firebug but its a way to sequre your javascript protuct from others to use it in a easy way i have done it one of my project even by this method you can hide your html too
1 Comment
smitelli
You may as well just use a
<script> tag. At least the browser (in a lot of cases) can optimize the way it fetches and loads a <script>. Setting it up as an AJAX call really does nothing but complicate things and, just like you said, it offers no real protection.There's no way to hide it. Anyway there's no reason to do it. If you want to obfuscate Javascript code, you can find software (obfuscators) that make your code more difficult to understand (for a human) and so called minifiers that make your code smaller. This is a live example of such tools :
