Skip to content Skip to sidebar Skip to footer

Obfuscation Of Script Src

I need to obfuscate such code: What is the best way to do it?

Solution 1:

You simply can't. Even if you obfuscate it, once browser downloads it, script URL in unobfuscated form will appear in Web Inspector or Firebug, along with all other loaded resources.

As Web Inspector is standard component of Safari and Chrome and Firebug is one of most popular extensions for Firefox, most users are only a few clicks away from revealing source of your script.


Solution 2:

What you are attempting to do is most likely a bad idea, but I'll give you an idea to help get you where you want to go.

Use your back end language (I shall assume PHP) to echo the entire contents of the script into the DOM.

<?php echo "<script>" . $scriptloadedintovar . "</script>"; ?>

This way your script will appear in the page without a src tag.

This is almost kind of reasonable for a small script, but is really doofy for a big one. In general, hiding the locations of your scripts isn't the best security practice. Instead, place your scripts into a folder that is OK to be explored via the web. Most frameworks call this the "webroot" folder, and it is where your images, CSS, and Javascript should live.

Incidentally, if you are trying to hide the fact that your script is coming from another website, that's also a bad idea too. Please don't do that.


Post a Comment for "Obfuscation Of Script Src"