混淆网页中的文件名
我正在创建一个网络应用程序,它将获取调查类型的数据。 用户会看到几个文件并被问到一个问题。用户为了不扭曲数据,一定不能知道文件的文件名。
为 JPlayer 实例创建一个空 div,并在该 div 中添加了“位置”属性,因此在客户端设置 JPlayer 实例时,JPlayer 知道要播放什么 .wav
<div id="jquery_jplayer" class="jp-jplayer" location="sound.wav"></div>
以下是设置要播放的声音的 javascript,在这里很容易看到文件位置只是从 div 中拖动
$("#jquery_jplayer").jPlayer("setMedia", {
wav: $(this).attr("location")
});
基本上,目的是从 HTML 文档中隐藏“sound.wav”并保持 javascript 动态。 混淆和反混淆之间的翻译文件是可能的,但保持这种动态会很好。
I'm creating a web-application which will be taking survey-type data.
Users are presented with several files and asked a question. The user, in the hope of not skewing data, must not be able to know the file name of the file.
An empty div is created for a JPlayer instance to sit in, and I have added the "location" attribute to the div, so while setting up the JPlayer instance on the client side the JPlayer knows what .wav to play
<div id="jquery_jplayer" class="jp-jplayer" location="sound.wav"></div>
Here is part of the javascript which sets up the sounds to be played and here its easy to see that the file location is simply dragged from the div
$("#jquery_jplayer").jPlayer("setMedia", {
wav: $(this).attr("location")
});
Basically, the intention is to hide "sound.wav" from the HTML document and keep the javascript dynamic.
A translation file between obfuscated and deobfuscated could be possible but it would be nice to keep this dynamic.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您想真正对查看者隐藏逻辑,那么您需要在服务器端而不是使用客户端 JavaScript 来完成。您可以使对客户端代码中发生的事情的剖析“复杂化”,但您无法真正隐藏它。
如果您需要有关混淆的进一步帮助,您必须更好地描述您真正想要做什么。当前的描述似乎没有提供足够的信息。这个文件路径是什么?它的用途是什么?为什么需要隐藏它?
如果你真正想要的只是一个 Javascript 函数来混淆和反混淆声音文件名,你可以通过 Google 找到很多选项,具体取决于你想要的详细程度。我的猜测是,确定的作弊行为不会被愚弄(因为所有代码都是用于反混淆的),因此您真正要做的就是使其乍一看并不明显。因此,任何简单的算法都可以。
由于您已经在使用 jQuery,因此这里有一个执行简单字符串混淆的 jQuery:http://plugins.jquery。 com/project/RotationalStringObfuscator。您必须自己在某种测试应用程序中运行混淆器来记录服务器应将每个文件名设置为什么,然后当您想要实际使用文件名时在客户端中执行相反的操作。
如果你问我,更好的解决方案是从一开始就给文件名指定无意义的名称。这将是像 395678264.wav 这样的名称,并以这种方式使用它们(在服务器和客户端上)。那么,这个名字对于任何窥探的人来说就毫无意义。不需要反混淆或转换表,因为这是真实的文件名。
If you want to truly hide logic from your viewers, then you need to do it server-side rather than with client-side javascript. You can "complicate" the dissection of what is happening in the client-side code, but you cannot truly hide it.
If you want further help with the obfuscation, you'll have to describe better what you're really trying to do. The current description doesn't seem to offer enough information. What is this file path? What is it being used for? Why do you need to hide it?
If what you really want is just a Javascript function to obfuscate and de-obfuscate the sound filename, you can find lots of options with Google depending upon how elaborate you want to get. My guess here is that the determined cheat won't be fooled (since all the code is there for deobfuscating) so all you're really trying to do is make it non-obvious at first glance. Thus, any simple algorithm will do.
Since you're already using jQuery, here's a jQuery that does simple string obfuscation: http://plugins.jquery.com/project/RotationalStringObfuscator. You'd have to run the obfuscator yourself in some sort of test app to record what the server should set each filename to and then do the reverse in the client when you want to actually use the filename.
If you ask me, a better solution would be to give the filenames non-meaningful names from the beginning. This would be names like 395678264.wav and just use them that way (on both server and client). Then, the name is meaningless to anyone snooping. No deobfuscation or translation table is required because this is the real filename.