我如何保护javascript文件？ [英] How do I protect javascript files?

问题描述

我知道隐藏源代码是不可能的，但是，例如，如果我必须将我的CDN中的JavaScript文件链接到网页，我不希望人们知道此脚本的位置和/或内容，这可能吗？

I know it's impossible to hide source code but, for example, if I have to link a JavaScript file from my CDN to a web page and I don't want the people to know the location and/or content of this script, is this possible?

例如，要从网站链接脚本，我们使用：

For example, to link a script from a website, we use:

<script type="text/javascript" src="http://somedomain.com/scriptxyz.js">
</script>

现在，可以向脚本所在的用户隐藏，或者隐藏脚本内容和仍然在网页上使用它？

Now, is possible to hide from the user where the script comes from, or hide the script content and still use it on a web page?

例如，通过将其保存在需要密码来访问文件的私有CDN中，这会起作用吗？如果没有，那么什么可以得到我想要的东西？

For example, by saving it in my private CDN that needs password to access files, would that work? If not, what would work to get what I want?

推荐答案

一个简单的答案的好问题：你可以' t ！

Javascript是一种客户端编程语言，因此它可以在客户端的机器上运行，因此您实际上无法隐藏客户端中的任何内容。

混淆代码是一个很好的解决方案，但这还不够，因为虽然很难，但有人可能会破译你的代码并窃取你的脚本。

有一些使你的代码难以被盗的方法，但正如我所说，没有什么是防弹的。

Good question with a simple answer: you can't!

Javascript is a client-side programming language, therefore it works on the client's machine, so you can't actually hide anything from the client.
Obfuscating your code is a good solution, but it's not enough, because, although it is hard, someone could decipher your code and "steal" your script.
There are a few ways of making your code hard to be stolen, but as i said nothing is bullet-proof.

一个想法是限制从嵌入代码的页面外部访问外部js文件。在这种情况下，如果你有

Off the top of my head, one idea is to restrict access to your external js files from outside the page you embed your code in. In that case, if you have

<script type="text/javascript" src="myJs.js"></script>

有人试图在浏览器中访问 myJs.js 文件不应授予对脚本源的任何访问权限。

例如，如果您的页面是用php编写的，则可以通过 include 功能，让脚本决定是否安全返回它的来源。

在这个例子中，你需要外部的js（用php编写）文件 myJs.php ：

and someone tries to access the myJs.js file in browser, he shouldn't be granted any access to the script source.
For example, if your page is written in php, you can include the script via the include function and let the script decide if it's safe" to return it's source.
In this example, you'll need the external "js" (written in php) file myJs.php :

<?php
    $URL = $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
    if ($URL != "my-domain.com/my-page.php")
    die("/\*sry, no acces rights\*/");
?>
// your obfuscated script goes here

将包含在您的主页 my-page.php 中：

<script type="text/javascript">
    <?php include "myJs.php"; ?>;
</script> 

这种方式，仅限浏览器可以看到js文件内容。

This way, only the browser could see the js file contents.

另一个有趣的想法是，在脚本结束时，删除dom脚本元素的内容，以便在浏览器评估代码后代码消失：

Another interesting idea is that at the end of your script, you delete the contents of your dom script element, so that after the browser evaluates your code, the code disappears :

<script id="erasable" type="text/javascript">
    //your code goes here
    document.getElementById('erasable').innerHTML = "";
</script>

这些都只是简单的黑客攻击，我不能强调这一点：不能，完全保护你的js代码，但他们肯定会惹恼那些试图窃取你的代码的人。

These are all just simple hacks that cannot, and I can't stress this enough : cannot, fully protect your js code, but they can sure piss off someone who is trying to "steal" your code.

我最近遇到了一篇非常有趣的文章，由 Patrick Weid 关于如何隐藏你的js代码，他揭示了一种不同的方法：你可以将源代码编码成图像！当然，这也不是防弹，但它是你可以围绕代码构建的另一个 fence 。

这种方法背后的想法是大多数浏览器都可以使用canvas元素来做图像上的像素处理。并且由于画布像素由4个值（rgba）表示，因此每个像素可以具有0-255范围内的值。这意味着您可以在每个像素中存储一个字符（实际上是ascii代码）。其余的编码/解码是微不足道的。

谢谢，Patrick！

I recently came across a very interesting article written by Patrick Weid on how to hide your js code, and he reveals a different approach: you can encode your source code into an image! Sure, that's not bullet proof either, but it's another fence that you could build around your code.
The idea behind this approach is that most browsers can use the canvas element to do pixel manipulation on images. And since the canvas pixel is represented by 4 values (rgba), each pixel can have a value in the range of 0-255. That means that you can store a character (actual it's ascii code) in every pixel. The rest of the encoding/decoding is trivial.
Thanks, Patrick!

这篇关于我如何保护javascript文件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！