使用php隐藏javascript源代码 [英] Hide javascript source using php

问题描述

抱歉，我是php的新手;）


我正在考虑使用php编写脚本文件，

喜欢：


< script type =" text / javascript"

src =" http：//insert_url_here.com/myScript.php">< / script>


php文件然后回显源代码。如果有用那么怎么可以

我停止直接加载php文件，即用户浏览

到 http://insert_url_here.com/myScript.php 并查看来源。我只想让它在通过脚本调用时写入源代码。


非常感谢任何帮助......

Sorry, I''m a newbie to php ;)

I was thinking about using php to write the script file, something
like:

<script type="text/javascript"
src="http://insert_url_here.com/myScript.php"></script>

The php file then echo''ing the source code. If that works then how can
I stop the php file being loaded directly, that is the user browsing
to http://insert_url_here.com/myScript.php and seeing the source. I
only want it to write the source when it is called through the script.

Any help is much appreciated...

推荐答案

2004年6月3日15:34:52 -0700， ch ********** @ yahoo.co.uk （马克）写道：

On 3 Jun 2004 15:34:52 -0700, ch**********@yahoo.co.uk (Mark) wrote:

我在考虑用php编写脚本文件，例如：

< script type =" text / javascript"
src =" http://insert_url_here.com/myScript.php"> ;< / script>

php文件然后echo''ing源代码。如果可以，那么我怎么能停止直接加载的php文件，即用户浏览 http://insert_url_here.com/myScript.php 并查看来源。我只希望它在通过脚本调用时编写源代码。

I was thinking about using php to write the script file, something
like:

<script type="text/javascript"
src="http://insert_url_here.com/myScript.php"></script>

The php file then echo''ing the source code. If that works then how can
I stop the php file being loaded directly, that is the user browsing
to http://insert_url_here.com/myScript.php and seeing the source. I
only want it to write the source when it is called through the script.

如果你是以安全的名义这样做，肯定这是非常徒劳的，即使它可以可靠地完成，也是b $ b。浏览器需要下载

Javascript才能运行它，因此用户可以使用该源。


-

Andy Hassall< an ** @ andyh.co.uk> / Space：磁盘使用情况分析工具
http://www.andyh.co.uk / http://www.andyhsoftware.co.uk/space

If you''re doing this in the name of security, surely this is pretty futile,
even if it could be done reliably. The browser will need to download the
Javascript to run it, therefore the source is available to the user.

--
Andy Hassall <an**@andyh.co.uk> / Space: disk usage analysis tool
http://www.andyh.co.uk / http://www.andyhsoftware.co.uk/space

关于这个众所周知的引用，通常归因于Mark'着名的3 Jun

2004 15:34:52 -0700"演讲：

Regarding this well-known quote, often attributed to Mark''s famous "3 Jun
2004 15:34:52 -0700" speech:

抱歉，我是php的新手;）

我在考虑用php编写脚本文件，
喜欢：

< script type =" text / javascript"
src =" http://insert_url_here.com/myScript.php">< / script> http://insert_url_here.com/myScript.php 并查看来源。我只希望它在通过脚本调用时编写源代码。

非常感谢任何帮助......

Sorry, I''m a newbie to php ;)

I was thinking about using php to write the script file, something
like:

<script type="text/javascript"
src="http://insert_url_here.com/myScript.php"></script>

The php file then echo''ing the source code. If that works then how can
I stop the php file being loaded directly, that is the user browsing
to http://insert_url_here.com/myScript.php and seeing the source. I
only want it to write the source when it is called through the script.

Any help is much appreciated...

我能想到的唯一方法就是笨重而且过于顶级，但是

应该适用于大多数用途：使用一次性钥匙。


1.确保没有缓存。添加每个Never Cache Me！标题你可以

想到JS / PHP文件和调用文件。


2.每当调用文件运行时，它会生成一个随机密钥，并将
写入文件或数据库。说它是'asdboibo29h9q" ;.


3. javascript被称为< script type =" text / javascript"

src = scriptme.php？key = asdboibo29h9q>


4. scriptme.php中的PHP检查该密钥是否存在。如果是，则删除
。如果没有，请关闭我的脚本消息是他们得到的全部。

这有一些问题：


有人可以通过关闭JavaScript，然后输入URL来破坏它来自浏览器中脚本标记的
。由于脚本从未下载过
，因此密钥未过期。他们得到了剧本。另外，某人从服务器手动检索文件，或使用非浏览器实用程序

可以获取脚本。这是万无一失的，但很多人都过了这个傻瓜。阶段仍然可以得到它。


此外，如果调用页面被缓存，脚本将无法加载，因为

将使用相同的密钥两次。你可以制作替代的JavaScript

代码以某种方式解决这个问题，我想，通过优雅地失败，或尝试

重新加载一个新密钥。


-

- Rudy Fleminger

- sp@mmers.and.evil.ones.will.bow-down-to.us

（在主题行中放置嘿！以进行优先处理！）

- http://www.pixelsaredead.com

ch ********* *@yahoo.co.uk （马克）在留言新闻中写道：< 6c ************************* @ posted。 google.c om> ...

ch**********@yahoo.co.uk (Mark) wrote in message news:<6c*************************@posting.google.c om>...

抱歉，我是php的新手;）

我正在考虑使用php编写脚本文件，某些东西
< script type =" text / javascript"
src =" http://insert_url_here.com/myScript.php">< / script>

php文件然后echo''ing源代码。如果可以，那么我怎么能停止直接加载的php文件，即用户浏览 http://insert_url_here.com/myScript.php 并查看来源。我只希望它在通过脚本调用时编写源代码。

Sorry, I''m a newbie to php ;)

I was thinking about using php to write the script file, something
like:

<script type="text/javascript"
src="http://insert_url_here.com/myScript.php"></script>

The php file then echo''ing the source code. If that works then how can
I stop the php file being loaded directly, that is the user browsing
to http://insert_url_here.com/myScript.php and seeing the source. I
only want it to write the source when it is called through the script.

正如phpSt.Andy所说，没有防弹解决方案将JS隐藏为

它是客户端并且代码需要运行。


无论如何，它似乎正在寻找解决方案就像

hotlinking。只需在热链接上进行谷歌搜索，你会发现

通常用于图像的解决方案 - 这也可以用于JS

。类似的一个在这里

< http：//www.htmlcenter.com/tutorials/tutorials.cfm/159/PHP/>


更简单术语逻辑是：

1.在主脚本中设置一个会话变量aka flag

2.在运行中检查是否存在标志JS创建PHP代码

3.在动态JS中添加无缓存标头创建PHP代码 - 这样代码就不会存储在临时文件夹中。
< br $> b $ b -

|只是另一个PHP圣人|

电子邮件：rrjanbiah-at-Y！com

As phpSt.Andy said, there is no bullet-proof solution to hide JS as
it is client-side and the code is required to run.

Anyway, it seems you''re looking for the solution just like
"hotlinking". Just do a Google search on "hotlinking", you''ll find
number of solutions usually for the images--which can be taken for JS
too. Similar one is here
<http://www.htmlcenter.com/tutorials/tutorials.cfm/159/PHP/>

In simpler terms the logic is:
1. Set a session variable aka flag in a main script
2. Check the presence of the flag in a on the fly JS creating PHP code
3. Add no-cache headers in on the fly JS creating PHP code--so that
the code is not get stored in temp folders.

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com

这篇关于使用php隐藏javascript源代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！