HTML quesion
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: HTML quesion

  1. #1
    Junior Member
    Join Date
    Jan 2003
    Posts
    14

    Question HTML quesion

    Is there anyway to fully protect others from seeing your source code?

    You can make the person do more work getting to it but can you fully stop someone from viewing the page.

    Just wondering
    C:\\DOS
    C:\\DOS\\RUN
    RUN\\DOS\\RUN

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    No.

    You have to let the viewer download the html to their web browser in order for their computer to display the page. Once it's on their computer, you don't actually have any control over what they do with it. You can use tricks to make certain web browsers hesitant to display the source, but the viewer can always use a different program to get the page, such as telnet/wget/curl/netcat.

  3. #3
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Well, if you do the entire page in php or asp, then they don't see the source, but there is no way to do it with html.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  4. #4
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    I did some research and this is what I could come up with. Hope it helps :


    "There are ways to make it more difficult for your visitors to read your source code. Here are some of them:

    (1) Adding dozens of carriage returns at the top of your HTML page

    This one has fooled me a couple of times. All you see is a lot of blank space - but just keep scrolling down and you'll find the source code.

    (2) Using frames

    When you try to view the source code of a page using this technique, all you see is the first ten or fifteen lines of HTML. But just save the page to a folder on your hard disk and then look for a sub-folder where the images in that page were saved to.

    In the sub-folder you'll find an HTML file that contains the source code you were looking for. Again, this won't fool experienced users, but it's worth a shot. Here is the code:
    http://www.ezine-writer.com/framescode.html.

    (3) Disabling Right Click

    This is an old trick and experienced surfers know how to get around it. Here it is anyway - a script that disables Right Click:
    http://www.ezine-writer.com/rightclick.html

    (4) Disabling View Source

    I searched high and low for a script that disables 'View Source' in the browser menu bar, and couldn't find one.

    Here is a script that is supposed to disable 'View Source' - I tried it out in my browser (IE 6.0) and it didn't work, so perhaps it only works in older versions of IE:
    http://www.ezine-writer.com/no-source-code.html

    (5) Encryption plus frames

    This is a technique that will work on all but the most experienced web surfers. Here is the code for doing it:
    http://www.ezine-writer.com/hidesource.html

    I've created a copy of my index page using the above technique - if you click on View Source, all you see is a jumble of characters:
    http://www.ezine-writer.com/encrypted.htm"

    by: Michael Southon

  5. #5
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    dead links
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  6. #6
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    sorry bout the dead links...i just checked myself ....well at least u get the idea so u mite search on google for those scripts.

    /edit; THis works for netscape 6.0 but not IE 5.5,

    <!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    <head>
    <title> New Document </title>
    <script language="JavaScript">
    window.menubar.visible=false;

    function disableMenu(){
    window.menubar.visible=false;

    }
    function enableMenu(){
    window.menubar.visible=true;

    }

    </script>
    </head>
    <body bgcolor="#FFFFFF">
    <script language="JavaScript">
    document.oncontextmenu = function(){return false}
    if(document.layers) {
    window.captureEvents(Event.MOUSEDOWN);
    window.onmousedown = function(e){
    if(e.target==document)return false;
    }
    }
    else {
    document.onmousedown = function(){return false}
    }
    </script>
    <form name=frm>
    <input type=button name=btn value="Hide menubar" oclick='disableMenu()'/>
    <input type=button name=btn value="Show menubar" oclick='enableMenu()'/>
    </form>
    </body>
    </html>

    Add this: <BODY oncontextmenu="return false"> to body for IE 5.5 to prevent right click.





    Here's a few more codes i googled around that could work:


    <SCRIPT language=JavaScript1.1>
    <!-- Begin
    function right(e) { if (navigator.appName == 'Netscape' && (e.which == 3 || e.which == 2)) return false; else if (navigator.appName == 'Microsoft Internet Explorer' && (event.button == 2 || event.button == 3)) { alert("This function disabled"); return false; } return true; } document.onmousedown=right; if (document.layers) window.captureEvents(Event.MOUSEDOWN); window.onmousedown=right;
    // End -->
    </SCRIPT>


    OR

    <script language=JavaScript>
    <!--

    //Disable right mouse click Script

    var message="Function Disabled!";

    ///////////////////////////////////
    function clickIE4(){
    if (event.button==2){
    alert(message);
    return false;
    }
    }

    function clickNS4(e){
    if (document.layers||document.getElementById&&!document.all){
    if (e.which==2||e.which==3){
    alert(message);
    return false;
    }
    }
    }

    if (document.layers){
    document.captureEvents(Event.MOUSEDOWN);
    document.onmousedown=clickNS4;
    }
    else if (document.all&&!document.getElementById){
    document.onmousedown=clickIE4;
    }

    document.oncontextmenu=new Function("alert(message);return false")

    // -->
    </script>



    Haven't tested them so not sure if they're gonna work or not....good luck

  7. #7
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    The answer is no....period. The browser has to be able to read the html for the end user to view anything. This means that any encoding method you use will be able to be decoded. Any client side scripting can be removed or turned off.

    Server side scripting solutions only keep the end user from seeing the server side script. They won't see your asp, jsp, or php (unless your code sucks) but they will see any client side script and html.

    Carriage returns will not hide it, they will just make the users scroll down.

    Frames will not hide it, they will just force the user to view source on the appropriate frame.

    The only possible way I could think of is if you displayed all your content through an activex control or java applet that is in a very simple html page. It is still possible for the end user to de-construct the applet/control...but it is a bit harder (but still not all that hard since there is software out on the net to do just that).

    Anyone who tells you that you can keep your html secret is blowing smoke up your...
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  8. #8
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    I agree with juridian, there is NO way so far that you can keep people from viewing your source. All you can do is just make it harder for them to see using some of the mentioned methods.


    you can encrypt the source code though. Download a free trial version here: http://www.share2.com/htmlencr/ and you could buy the full version if u must not show the source code to any1

  9. #9
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    Cybr1d, WebProtector is pure snake oil. It took me 15 minutes to break their encryption, and I was doing other stuff at the time. The problem is that they're delivering your encrypted web page, and the JavaScript to decrypt it. You can just manually use their handily-supplied JS to decrypt the HTML source on your own.

    Again, it makes it less convenient to look at somebody else's code, but it's not very different from putting blank lines at the top of the file or adding JS to disable the right-click menu (as long as you're using IE).

    edit
    BTW, here's their sooooper-secret "decryption" code. A lookup table, wow. Whee! Am I a DMCA violator now?
    Code:
    function a(s) {
         t="<euHVqn3lYBJ5s#vC%X7j,~'_]$T[Z+gF4`Sf^p2r/9)NL@=U.z6:IaP (md*8A?x&hRM;>}{G-Wwo1Oycbi!DKQ|0tkE";
         o=new String;
         l=s.length;
         for (i=0;i<l;i++) {
              n=t.indexOf(s.charAt(i));
              if(n==1) {
                   o+=s.charAt(i);
                   continue
              }
              if(n==0) {
                   o+=String.fromCharCode(10);
                   continue
              }
              if(n==1) {
                   o+=String.fromCharCode(13);
                   continue
              }
              if(n>1) {
                   o+=String.fromCharCode(n+30)
              }
         }
         document.write(o)
    }

  10. #10
    Junior Member
    Join Date
    Aug 2003
    Posts
    1
    Stegnography
    Is there anyone who know how to decrypt a message who is hidden in a text on a html page. The message is exactly like a know article, in this case Einsteins Incompleteness Argument.
    Best regards
    Haag

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides