为什么允许浏览器显示客户端源代码? [英] Why are browsers allowed to display client-side source code?
问题描述
为什么允许浏览器显示 HTML/CSS/JavaScript 文件的源代码?我被告知混淆不是提供保护的最终答案.那么一旦代码发送到客户端,任何人都可以窃取前端数据吗?不是所有流行的浏览器都提供密码机制,让未经授权的用户看不到源代码吗?公司在开发专业网站上投入了大量时间、金钱和其他资源,但盗贼似乎有很多生意.
Why are browsers allowed to display source code for HTML/CSS/JavaScript files? I've been told that obfuscation is not the ultimate answer to provide protection. So once the code is sent to the client-side, anyone can steal the front-end data? Can't all popular browsers provide a password mechanism so that unauthorized users can't see the source code? Companies invest a lot of time, money, and other resources in developing professional sites, yet it seems there is a lot of business out there for thieves.
请注意,我不是在问是否可以隐藏源代码或者可以使用什么工具来做到这一点.已经有关于此的问题/讨论.浏览器可以看到客户端源代码,但我不明白为什么允许它们向用户展示.他们不能在后台处理文件而不是说这是查看页面的代码.继续检查吧!"?
Note that I am not asking if source code can be hidden or what tool can be used to do that. There have been questions/discussions about that already. The client-side source code can be visible to browsers, but what I don't get is WHY they are allowed to show it to the user. Can't they process the files in the background instead of saying "Here is the code for the viewed page. Go ahead and check it out!"?
更新:感谢您的回答.我看到还有其他获取客户端代码的方法.所以限制浏览器并不能解决问题.纯文本,嗯.互联网的底层前端框架可能更倾向于帮助开发人员保护他们的工作.:)
UPDATE: Thanks for the answers. I see there are other ways of getting the client-side code. So putting restrictions on browsers won't solve the problem. Plain-text, mmmm. The underlying front-end framework of the Internet could have gravitated more toward helping developers protect their work. :)
推荐答案
最终,即使浏览器 确实 删除了 Show Source Code 选项,这绝对是微不足道的(如在单个 wget 命令中,或者几行 C#) 来编写一个可以获取标记、js 和 CSS 的程序.
Ultimately, even if browsers did remove the Show Source Code option, it would be absolutely trivial (as in a single wget command, or a couple of lines of C#) to write a program that would get the markup, js, and CSS.
Web 服务器正在提供文档 - 因此您将文档提供给用户.为什么您希望文档以某种方式对用户隐藏?
A web server is serving a document - so you are giving your document to the user. Why would you expect the document to be somehow hidden from the user?
编辑我认为您需要更多地了解互联网的历史,以及它的用途和用途.HTTP 不是互联网",正如 FTP、TelNet 或魔兽世界是互联网"一样.当互联网被发明时,HTML、CSS 和 JavaScript 根本不存在,因此保护知识产权的考虑不是问题.ARPANET(现代互联网的前身)旨在允许远程工作人员访问超级计算机 - 网络不是远程考虑因素.
EDIT I think you need to understand a little bit more about the history of the internet, and what it was and wasn't designed for. HTTP is not "The Internet", any more than FTP, TelNet, or World of Warcraft are "The Internet". When the internet was invented, HTML, CSS and JavaScript simply did not exist, so consideration of protecting intellectual property was not an issue. ARPANET (the precursor to the modern internet) was designed to allow access to super-computers for remote workers - the web was not remotely a consideration.
这篇关于为什么允许浏览器显示客户端源代码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
