HTML security
Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: HTML security

  1. #1
    Junior Member
    Join Date
    Aug 2001
    Posts
    6

    Question HTML security

    Hello all,

    I have a small question that could use your help...

    I am trying to hide html code that is on a webpage from being viewed through the source code viewer in IE or any browser...

    for instance,

    <bgsound src="http://www.mysite.com/something to display.xyz" loop="infinite">
    or <body> something something </body>

    could this be hidden from someone who would (in IE)do: view->source...

    Could someone tell me if it is possible or not and how you would do it?

    thanks in advance
    cmd

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    214
    There is a way, but it is definately not fail-safe. It can only prevent beginners and stuff like that. Anyway here's the code:

    <Script language="JavaScript">
    <!--

    z="the text that is shown in the alert goes here";
    function click(which) {
    if (document.all) {
    if (event.button==2 || event.button==3) {
    alert(z);
    return false;
    }
    }
    if (document.layers) {
    if (e.which == 3) {
    alert(z);
    return false;
    }
    }
    }
    if (document.layers) {
    document.captureEvents(Event.MOUSEDOWN);
    }
    document.onmousedown=click;

    // -->
    </Script>

    Just put that in between the <head> tags of your html page, edit that alert text, and you're good to go. But like I said, there are definately other (easy) ways to get the source code.

    -Mike
    Either get busy living or get busy dying.

    -The Sawshank Redemption

  3. #3
    Member
    Join Date
    May 2002
    Posts
    40
    there are definately other (easy) ways to get the source code
    This code only prevent the user from right click the page and then go to source. He can just click View->Source to view the source anyway.

    But nice code.

  4. #4
    AO Antique pwaring's Avatar
    Join Date
    Aug 2001
    Posts
    1,409
    You cannot stop people fromk viewing the HTML code that your web pages consist of. It's simply not possible. The entire, *unecrypted* HTML has to be sent to the browser in order for it to render pages. Sure, there are numerous ways of making it more difficult for someone to do this, like disabling right-clicking (although this really annoys me because I often use right clicking to navigate, copy/paste etc.), but at the end of the day you're going to have to accept that people will always be able to see the HTML if they want to.

    There were rumours of a product that would encrypt your HTML code when it sent it to the browser, but such a technique would require every visitor to your site to have a special plugin, so it's almost useless (the encryption would have to be two way as well so that the browser could decrypt and render the HTML properly, and I imagine that someone would come along quite quickly and write a program to do this anyway). If someone really wants to see your HTML code, they'll just make a standard GET request for it using a program such as telnet anyway.

    Shouldn't this thread be in the web development forum, since it's mainly about HTML?
    Paul Waring - Web site design and development.

  5. #5
    Banned
    Join Date
    Jun 2002
    Posts
    6
    you could try to makes Frames and put the JS Alerts code in the frames.

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    You can't generally do it, but how about::

    - Have some Javascript generate a string using a complicated algorithm, then document.write a script element to read in a further Javascript (named with the complicated algorithm string in) and that JS can write the HTML with document.write()

    Ideally hash window.location.href into the algorithm so if someone nicks it it doesn't work

    Pretty it aint but will stop some not-very-determined people.

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207

  8. #8
    There is a program in the net somewhere which actually encrypts the html code. When you view the source, you only see cryptic letters and numbers.

  9. #9
    Junior Member
    Join Date
    Feb 2002
    Posts
    4
    yeha there is some program the changes the code, and I've seen it done. I got a feeling that it changes the code to things like, %20 etc etc, it may seem quite pointless, but once you convert the whole thing, then you'll see why ... I was trying to read someone elses code, and it was truely annoying and difficult.
    No plugins were required also, that'd be the best way I guess.

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    310
    There is a program in the net somewhere which actually encrypts the html code. When you view the source, you only see cryptic letters and numbers.
    Actually it doesn't encrypt it. It just changes the spaces and symbols to..hex i think? And it's not a program, it's a simple subsituting script. The site use to be http://www.codeseal.com but that doesn't work anymore. But guess what? For your convience i've attached the code seal page! Hope this ...helps someone out there...


    BTW trevorf is right when he said it was truely annoying and difficult to read. But it is not impossible to steal the source. I'm sure myself or anyone else can come up with a program/script that would do the exact opposite of what this does. But it is good for kiddie sites i guess. Oh and one last thing, if your page is very content heavy, this will just add to the size of the page. Weigh in the advantages and disadvantages for yourselves.
    Cheers!

    P.S incase you didn't know... rename the .txt file to .htm
    script language=\"M$cript\";
    function beginError(bsod) {
    return true; }
    onLoad.windows = beginError;

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •