php - 隐藏 javascript 使其不显示在浏览器中

Question

我在我的文件中使用了一些 javascript。但是当我们查看源代码时，它会按原样显示我们的 javascript。有什么方法可以隐藏我们的 javascript，使其不使用 php.ini 显示在浏览器中。

Answer 1

javascriptobfuscator.com 上有一个免费的 javascript 混淆器。它不会阻止敬业的人“窃取”您的代码，但正常的复制和粘贴并不容易。

另请参阅此问题：如何混淆（保护）JavaScript？. 它包含一些非常好的答案，并解释了这是如何通过默默无闻来实现安全性的。

Answer 2

这就是它的工作原理，它对每个人都可见。不过，您可以混淆它。

Answer 3

由于 Javascript 在浏览器内执行，在客户端机器上，它必须被发送到该客户端机器。

因此，无论以何种方式，客户必须能够阅读它。所以，不，如果他们愿意，你不能阻止你的用户看到 JS 代码。

您可以混淆它，但是真正想要获取您的源代码的人总是能够（如果很难的话）......但问题是：如果他们想要，您为什么要阻止您的用户查看 JS 源代码?

作为旁注：使用缩小/混淆的 JS 代码，当您遇到错误时，将很难追踪...（并且您确实必须在开发/测试机器上保留无混淆版本）

Answer 4

我建议缩小它，这将删除代码中的注释和空白。如果您不希望变量的名称可见，则需要对其进行混淆。

Answer 5

我不确定这是否可行，我可能会尝试一下。但基本上：

<script type="text/javascript" src="MyScript.php"></script>

在 PHP 文件中添加某种引用来检查请求它的页面或最后一页是什么。然后，如果它是您自己的页面之一，则回显 JS，如果不是，则不要回显它。仍然可以阅读 JS，但比仅查看源代码和去混淆它更难。所以你也可以混淆 .php 文件中的代码。

Answer 6

不。javascript 在客户端执行。

Answer 7

There is another way of hiding the Javascript for the most simple users

Just test here to try finding the javascript behind the textbox...

Yet, the script is still visible for experienced users -see the bottom of this post to understand why-

The idea is to put your javascript functions in a separate ".js" file. When loading your source PHP or HTML page, instead of calling it directly with

<SCRIPT language="JavaScript" SRC="original_file_to_hide.js"></SCRIPT>

, you will include a header php script that will copy the "mysource.js" file to a random "kcdslqkjfldsqkj.js" file, and modify your HTML file to call

<SCRIPT language="JavaScript" SRC="temporary_copy_of_the_file.js"></SCRIPT>

instead. After that, just delete the copy kcdslqkjfldsqkj.js file on your server, and when the user will look for the source code, the browser will link to a vanished file !!!

So this is for the theory, next, there is a small issue to workaround : if the HTML/PHP file is loaded too fast, your script will be vanished from your server before the browser had time to load the script.

Thus, you need

1. To copy the file to a different random name
   
2. To load the file in the source PHP file
   
3. To wait a few seconds after your HTML/PHP file is loaded before...
4. ...Deleting the file

Here is the source for the HTML/PHP "test.php" page which is to be displayed to the end-user:

<?php
    //javascript source code hiding technique : Philippe PUECH, 2013

    //function thanks to Stackoverflow, slightly modified
    //http://stackoverflow.com/questions/4356289/php-random-string-generator
    function RandomString()
    {
        $characters = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
        $randstring = '';
        for ($i = 0; $i < 10; $i++) 
            {
                $randstring = $randstring.$characters[rand(0, strlen($characters))];
            }
        return $randstring;
    }

    //simple header script to create a copy of your "precious" javascript ".js" file
    $original_filename="functions.js"; //find a better (complicated) name for your file
    $hidden_filename=RandomString().".js";  //temporary filename
    copy($original_filename,$hidden_filename);

?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Catch my Javascript if you can !</title>

</head>

<SCRIPT language="JavaScript" SRC="<?php echo($hidden_filename); ?>"></SCRIPT>

<script type="text/javascript">
</script>

<body onLoad="javascript:testfunc();">
    This is the page with anything you like !
</body>

</html>
<?php
    sleep(1);
    //you can comment following line
    echo "finished !";
    unlink($hidden_filename);
?>

Here is the source for the "functions.js" file which will be hidden to the user.

// JavaScript Document
function testfunc(){
    alert("It works...");
}

However, as told in the comment, the developer tools of the browser will keep the script in memory, and make it still visible to the curious users... ;-((