如何隐藏或加密 JavaScript 代码?
有没有办法隐藏或加密 JavaScript 代码以防止人们查看、复制和/或修改专有程序?
Is there any way to hide or encrypt JavaScript code to prevent people from viewing, copying, and/or modifying proprietary programs?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
您可以混淆它,但没有办法完全保护它。
混淆器示例:
https://obfuscator.io
You can obfuscate it, but there's no way of protecting it completely.
example obfuscator:
https://obfuscator.io
不,这是不可能的。 如果它运行在客户端浏览器上,则必须由客户端浏览器下载。 使用 Fiddler 检查 HTTP 会话并获取任何下载的 js 文件非常简单。
您可以使用一些技巧。 最明显的方法之一是使用 JavaScript 混淆器。
话又说回来,混淆只能防止随意窥探,并不能防止人们盗用和使用您的代码。
您可以尝试以 Flash 影片的形式编译动作脚本。
No, it's not possible. If it runs on the client browser, it must be downloaded by the client browser. It's pretty trivial to use Fiddler to inspect the HTTP session and get any downloaded js files.
There are tricks you can use. One of the most obvious is to employ a javascript obfuscator.
Then again, obfuscation only prevents casual snooping, and doesnt prevent people from lifting and using your code.
You can try compiled action script in the form of a flash movie.
虽然每个人都普遍认为 Javascript 加密是一个坏主意,但有一些小用例会减慢速度攻击总比没有好。
您可以从 YUI Compressor (如@Ben Alpert)所说,或 JSMin、Uglify 或更多开始。
然而,我真正想要“隐藏内容”的主要情况是当我发布电子邮件地址时。 请注意,当您点击“检查元素”时,Chrome 会出现问题。 它会显示您的原始代码:每次。 这就是为什么混淆通常被认为是更好的方法。
在这一点上,我采取了两管齐下的攻击,纯粹是为了减慢垃圾邮件机器人的速度。 我对 js 进行混淆/缩小,然后通过编码器再次运行它(同样,第二步在 chrome 中完全没有意义)。
虽然不完全是纯粹的 Javascript 编码器,但我发现的最好的 html 编码器是 http://hivelogic.com/enkoder/。 它将把这个: 变成
这样:
也许这足以减慢一些垃圾邮件机器人的速度。 我还没有收到任何垃圾邮件(!)。
While everyone will generally agree that Javascript encryption is a bad idea, there are a few small use cases where slowing down the attack is better than nothing.
You can start with YUI Compressor (as @Ben Alpert) said, or JSMin, Uglify, or many more.
However, the main case in which I want to really 'hide stuff' is when I'm publishing an email address. Note, there is the problem of Chrome when you click on 'inspect element'. It will show your original code: every time. This is why obfuscation is generally regarded as being a better way to go.
On that note, I take a two pronged attack, purely to slow down spam bots. I Obfuscate/minify the js and then run it again through an encoder (again, this second step is completely pointless in chrome).
While not exactly a pure Javascript encoder, the best html encoder I have found is http://hivelogic.com/enkoder/. It will turn this:
into this:
Maybe it's enough to slow down a few spam bots. I haven't had any spam come through using this (!yet).
最好的压缩器(不是专门的混淆器)之一是 YUI 压缩器。
One of the best compressors (not specifically an obfuscator) is the YUI Compressor.
JavaScript 是一种脚本语言,因此在 JavaScript 运行时解释和执行之前一直保持人类可读的形式。
部分隐藏它的唯一方法(至少对技术含量较低的人来说)是混淆。
混淆使人类更难阅读它,但对于技术娴熟的人来说并非不可能。
JavaScript is a scripting language and therefore stays in human readable form until it is time for it to be interpreted and executed by the JavaScript runtime.
The only way to partially hide it, at least from the less technical minds, is to obfuscate.
Obfuscation makes it harder for humans to read it, but not impossible for the technically savvy.
保护您的代码的唯一安全方法就是不泄露它。 通过客户端部署,无法避免客户端访问代码。
所以简短的答案是:你做不到。
较长的答案是考虑 Flash 或 Silverlight。 尽管我相信 silverlight 会很乐意通过在客户端上运行反射器来泄露它的秘密。
我不确定闪存平台是否存在类似的东西。
The only safe way to protect your code is not giving it away. With client deployment, there is no avoiding the client having access to the code.
So the short answer is: You can't do it
The longer answer is considering flash or Silverlight. Although I believe silverlight will gladly give away it's secrets with reflector running on the client.
I'm not sure if something simular exists with the flash platform.
如果您有任何特别想要隐藏的内容(例如专有算法),请将其放在服务器上,或者将其放入 Flash 影片中并使用 JavaScript 调用它。 编写 ActionScript 与编写 JavaScript 非常相似,您可以在 JavaScript 和 ActionScript 之间进行通信。 您可以使用 Silverlight 执行相同的操作,但 Silverlight 不具有 Flash 的穿透力。
但是,请记住,任何移动电话都可以运行 JavaScript,但不能运行 Silverlight 或 Flash,因此如果您使用 Flash 或 Silverlight,就会削弱移动用户的能力。
If you have anything in particular you want to hide (like a proprietary algorithm), put that on the server, or put it in a Flash movie and call it with JavaScript. Writing ActionScript is very similar to writing JavaScript, and you can communicate between JavaScript and ActionScript. You can do the same with Silverlight, but Silverlight doesn't have the penetration Flash does.
However, remember that any mobile phones can run your JavaScript, but not Silverlight or Flash, so you're crippling your mobile users if you go with Flash or Silverlight.