如何在网页中隐藏 javascript 代码? [英] How do I hide javascript code in a webpage?
问题描述
当通过浏览器的查看源代码"功能查看源代码时,是否可以从网页的 html 中隐藏 Javascript 代码?
Is it possible to hide the Javascript code from the html of a webpage, when the source code is viewed through the browsers View Source feature?
我知道混淆代码是可能的,但我更希望它从查看源功能中隐藏.
I know it is possible to obfuscate the code, but I would prefer it being hidden from the view source feature.
推荐答案
我不确定其他人是否真的直接解决了您的问题,即从浏览器的查看源代码"命令查看代码.
I'm not sure anyone else actually addressed your question directly which is code being viewed from the browser's View Source command.
正如其他人所说,没有办法保护打算在浏览器中运行的 javascript 免受确定的查看者的影响.如果浏览器可以运行它,那么任何有决心的人也可以查看/运行它.
As other have said, there is no way to protect javascript intended to run in a browser from a determined viewer. If the browser can run it, then any determined person can view/run it also.
但是,如果您将 javascript 放在包含以下内容的外部 javascript 文件中:
But, if you put your javascript in an external javascript file that is included with:
<script type="text/javascript" src="http://mydomain.com/xxxx.js"></script>
标签,那么 javascript 代码将不会立即通过查看源命令可见 - 只有脚本标签本身才会以这种方式可见.这并不意味着有人不能只加载该外部 javascript 文件来查看它,但您确实询问了如何将其排除在浏览器的查看源代码"命令之外,而这会做到.
tags, then the javascript code won't be immediately visible with the View Source command - only the script tag itself will be visible that way. That doesn't mean that someone can't just load that external javascript file to see it, but you did ask how to keep it out of the browser's View Source command and this will do it.
如果您想真正使查看源代码更加有效,您可以执行以下所有操作:
If you wanted to really make it more work to view the source, you would do all of the following:
- 将其放入外部 .js 文件中.
- 混淆文件,以便将大多数本地变量名称替换为短版本,从而删除所有不需要的空格,因此如果不进一步处理就无法读取它,等等...
- 通过以编程方式添加脚本标签来动态包含 .js 文件(就像 Google Analytics 所做的那样).这将使从查看源代码"命令获取源代码变得更加困难,因为没有简单的链接可以点击.
- 将您想要保护的尽可能多的有趣逻辑放在您通过 ajax 调用检索的服务器上,而不是进行本地处理.
综上所述,我认为您应该专注于性能、可靠性和让您的应用变得出色.如果你绝对需要保护一些算法,把它放在服务器上,但除此之外,竞争是你最擅长的,而不是通过拥有秘密.无论如何,这就是成功在网络上的最终运作方式.
With all that said, I think you should focus on performance, reliability and making your app great. If you absolutely have to protect some algorithm, put it on the server, but other than that, compete on being the best at you do, not by having secrets. That's ultimately how success works on the web anyway.
这篇关于如何在网页中隐藏 javascript 代码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
