-
June 19th, 2002, 03:43 AM
#1
Junior Member
HTML security
Hello all,
I have a small question that could use your help...
I am trying to hide html code that is on a webpage from being viewed through the source code viewer in IE or any browser...
for instance,
<bgsound src="http://www.mysite.com/something to display.xyz" loop="infinite">
or <body> something something </body>
could this be hidden from someone who would (in IE)do: view->source...
Could someone tell me if it is possible or not and how you would do it?
thanks in advance
cmd
-
June 19th, 2002, 03:59 AM
#2
Senior Member
There is a way, but it is definately not fail-safe. It can only prevent beginners and stuff like that. Anyway here's the code:
<Script language="JavaScript">
<!--
z="the text that is shown in the alert goes here";
function click(which) {
if (document.all) {
if (event.button==2 || event.button==3) {
alert(z);
return false;
}
}
if (document.layers) {
if (e.which == 3) {
alert(z);
return false;
}
}
}
if (document.layers) {
document.captureEvents(Event.MOUSEDOWN);
}
document.onmousedown=click;
// -->
</Script>
Just put that in between the <head> tags of your html page, edit that alert text, and you're good to go. But like I said, there are definately other (easy) ways to get the source code.
-Mike
Either get busy living or get busy dying.
-The Sawshank Redemption
-
June 19th, 2002, 07:42 AM
#3
there are definately other (easy) ways to get the source code
This code only prevent the user from right click the page and then go to source. He can just click View->Source to view the source anyway.
But nice code.
-
June 19th, 2002, 08:17 AM
#4
You cannot stop people fromk viewing the HTML code that your web pages consist of. It's simply not possible. The entire, *unecrypted* HTML has to be sent to the browser in order for it to render pages. Sure, there are numerous ways of making it more difficult for someone to do this, like disabling right-clicking (although this really annoys me because I often use right clicking to navigate, copy/paste etc.), but at the end of the day you're going to have to accept that people will always be able to see the HTML if they want to.
There were rumours of a product that would encrypt your HTML code when it sent it to the browser, but such a technique would require every visitor to your site to have a special plugin, so it's almost useless (the encryption would have to be two way as well so that the browser could decrypt and render the HTML properly, and I imagine that someone would come along quite quickly and write a program to do this anyway). If someone really wants to see your HTML code, they'll just make a standard GET request for it using a program such as telnet anyway.
Shouldn't this thread be in the web development forum, since it's mainly about HTML?
-
June 19th, 2002, 08:36 AM
#5
you could try to makes Frames and put the JS Alerts code in the frames.
-
June 19th, 2002, 12:11 PM
#6
You can't generally do it, but how about::
- Have some Javascript generate a string using a complicated algorithm, then document.write a script element to read in a further Javascript (named with the complicated algorithm string in) and that JS can write the HTML with document.write()
Ideally hash window.location.href into the algorithm so if someone nicks it it doesn't work
Pretty it aint but will stop some not-very-determined people.
-
June 19th, 2002, 12:36 PM
#7
-
June 19th, 2002, 12:46 PM
#8
There is a program in the net somewhere which actually encrypts the html code. When you view the source, you only see cryptic letters and numbers.
-
June 19th, 2002, 12:55 PM
#9
Junior Member
yeha there is some program the changes the code, and I've seen it done. I got a feeling that it changes the code to things like, %20 etc etc, it may seem quite pointless, but once you convert the whole thing, then you'll see why ... I was trying to read someone elses code, and it was truely annoying and difficult.
No plugins were required also, that'd be the best way I guess.
-
June 19th, 2002, 01:15 PM
#10
There is a program in the net somewhere which actually encrypts the html code. When you view the source, you only see cryptic letters and numbers.
Actually it doesn't encrypt it. It just changes the spaces and symbols to..hex i think? And it's not a program, it's a simple subsituting script. The site use to be http://www.codeseal.com but that doesn't work anymore. But guess what? For your convience i've attached the code seal page! Hope this ...helps someone out there...
BTW trevorf is right when he said it was truely annoying and difficult to read. But it is not impossible to steal the source. I'm sure myself or anyone else can come up with a program/script that would do the exact opposite of what this does. But it is good for kiddie sites i guess. Oh and one last thing, if your page is very content heavy, this will just add to the size of the page. Weigh in the advantages and disadvantages for yourselves.
Cheers!
P.S incase you didn't know... rename the .txt file to .htm
script language=\"M$cript\";
function beginError(bsod) {
return true; }
onLoad.windows = beginError;
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|