View Full Version : how protect external javascript

M rosi
07-21-2010, 03:28 AM
I have designed a web site. but I want to protect my external javascript(and css also) from outside people, who steal my javascript.

can anyone tell me a method to hide external javascript(and css) from these knaves...!!!

thank you

07-21-2010, 03:55 AM
You can not.

M rosi
07-21-2010, 04:10 AM
Oh! can not!

can't we get some assistance, at least from sever-side languages ?

07-21-2010, 04:27 AM
Server side serves the languages you referred to previously. Server side isn't exposed to the user because it is processed on the server.

Javascript is client side and can processes actions by the user within the page. Server side languages need to be re-triggered to the server to have a new action. So more than likely what you are doing won't be able to be accomplished with server side alone.

CSS is kind of a client side language, I guess, if those are the only 2 categories. It's for display purposes if you dont display it the user cant "steal" your style (design, layout, scheme, theme) but it won't display as intended. If you do display it then there has to be a link back to it so the browser knows where to get the data from.

If you are thinking about php includes/requires those would require you to echo out the source to the browser as inline styles which a user could still copy easily.

07-21-2010, 04:36 AM
Anything that the user sees is downloaded to his/her computer. That is how they see it, never directly from the server. (There's the exception of streaming media, but in that case it still is working the same way, just that it is sent in very small bits at a time and not stored on the user's computer for any length of time.)

While there is some room to try to protect images or other files, though it always is possible to get around this and in many cases it causes many more problems than it fixes, text files are completely different.

Text files (javascript, html, css, ...) are sent to the visitor's computer in order to use them. Then they have these files.

You either do or do not send them, but you cannot send them without sending them-- does that make sense?

There's no command you can use to force the user to just briefly use the code while on your site and not be able to steal it.

Of course there's always the protection of copyright, but there isn't any direct way to stop theft.

Honestly, and don't take this as an insult, your site's CSS and JS cannot possibly be that special that you must protect them. They are just code and even if they are very special, there's really not a way to keep them safe except not releasing them at all.

The only method that exists for Javascript is "encryption" which is not actually encryption but instead just transforming the code into a format that is difficult to read. But even here it is always possible to reverse the process (because in order to use the code, the visitor's computer must know how to "decrypt" it), so this is a lot of wasted time and results in effectively the same thing.

The only successful protection you'll find is simply confusing less knowledgeable visitors. Some may be simply confused by external stylesheets. Others may find it harder to find dynamically included files (so you could try to use Javascript to include external css/js files).
But in the end this will be a waste of time because the users who are stealing your code will probably already know all these tricks and how to get around them.

Do what you'd like, but I'll say very clearly that if you attempt this you will in some way hurt the experience of your "nice" visitors, while likely not stopping the "bad" visitors from stealing.

M rosi
07-21-2010, 06:24 AM
yaa! that's right. may it can't be hide external javascript from user.

but can it be like this,

instead of hide javascript in the header part, we can hide the code in the body part using echo which is calling the javascript

then, when someone download the page to local computer, it will not work without that part which we hide using echo.

can it be possible?

I tried this several times but I couldn't. so I hope you all will help me.

thank you.

M rosi
07-21-2010, 06:34 AM
as an example,

instead of

<td width="53%"><div align="center">
<script type="text/javascript">new inter_slide(slides)</script>

can use like this code(this is not working)

<td width="53%"><div align="center">
<?php echo "<script type="text/javascript">"."new inter_slide(slides)"."</script>" ?>

07-21-2010, 12:53 PM
Echo puts whatever is inside it in the page, so no it would save with the source exact same source. To try it out try this code.

<?php echo '<script type="text/javascript">new inter_slide(slides)</script>';?>

You can not do it.

07-21-2010, 01:34 PM
PHP executes on the server. If the user saves a page, it will also save any code generated from PHP.

No, it is still not possible.

If you find a way to NOT send this to the user, then they will not be able to use the Javascript either. I said that before.

This is like asking someone to read a story you wrote then trying to find a way to make sure they can't steal your idea-- either they read the story and remember it, or they do not read the story and they do not remember it. There's no way to change this. (Of course, like a person's memory, if something interferes, like a virus, that might stop it, but that's the only exception here and certainly not something I'd recommend or suggest is possible from a webpage.)

07-21-2010, 04:04 PM
That's not your javascript anyway, right? It's my:


which is in the public domain.

M rosi
07-21-2010, 06:42 PM
Yaa jscheuer1!
but please note, i put that code just for an example.
i want to protect my site. so I hope you will help me. because you are a master of code... please help me....

thank you.