在 Javascript、CSS 或 HTML 代码中隐藏或加密注释信息的最佳方法是什么?
在深入研究 facebook 的 css 和 html 代码时,我发现了一些注释,这些注释似乎是为了隐藏信息而加密的。这可能是某种调试信息,保留以供以后使用可能很有用。注释如下例所示:
/*[XnbHYrH~LGxMu]p`KYO^fXoOK]wFpBtjKdzjYssGm~[xISvmX0J]xhEMxwV_NjvnWm]jAyo`@}VtxqZ{QC`M|yxHMBLE[ZsaeCgU[aG}|K|`Icu`hxiAzM|j~RRkiO|AF`_KuuEnfd_I[P}BDo`ykXBjUjt_nza@^hh?CEQp~KHR|z`llKuTxM_lJp*/
使用此 python 代码段 ''.join(sorted(set(comment))) 快速分析加密文本显示仅使用了 64 个不同的字符。
'0?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~'
就性能、大小和浏览器兼容性而言,一种廉价的方法是使用自定义字符映射对原始文本进行 Base64 编码。
更新:我为最佳解决方案定义的一些约束是快速编码、低计算时间和小输出大小以减少带宽。另一方面,如果需要的话,应该可以通过脚本和某种秘密轻松检索原始信息。用途更多的是隐藏非敏感数据,因此不需要强加密。对于花时间在上面的人来说,它应该是经济上没有吸引力的。
While digging through facebook's css and html code I found some comments which seems to be encrypted in order to hide information. This could be some kind of debugging information which might be useful to keep for later use. The comments are looking like this example:
/*[XnbHYrH~LGxMu]p`KYO^fXoOK]wFpBtjKdzjYssGm~[xISvmX0J]xhEMxwV_NjvnWm]jAyo`@}VtxqZ{QC`M|yxHMBLE[ZsaeCgU[aG}|K|`Icu`hxiAzM|j~RRkiO|AF`_KuuEnfd_I[P}BDo`ykXBjUjt_nza@^hh?CEQp~KHR|z`llKuTxM_lJp*/
A quick analysis of the encrypted text with this python snippet ''.join(sorted(set(comment))) shows that only 64 different characters are used.
'0?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~'
In terms of performance, size and browser-compatibility one cheap approach would be a base64 encoding of the raw text with a custom char mapping.
Update: Some of the constraints I would define for a best solution is a fast encoding with low computation time and a small output size for reduced bandwidth. On the other side it should be easy to retrieve the original information with a script and some kind of secret if needed. The usage is more for hiding non-sensitive data, so there is no need for strong encryption. It just should be economical unattractive for someone spending time on it.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我使用霍夫曼代码和 Base64 对我网站上的一些数据进行编码。我认为它很难绕过,而且我也得到了一些压缩。这更像是我犯的一个意外。但如果您能解释一下在这种情况下如何最好地定义那就太好了?你有限制吗?
I use a huffman code and base64 to encode some data on my website. I think it's very hard to bypass and I get some compression too. That was more an accident I did. But it would be nice if you can explain how you define best in this context? Do you have constraints?
我不知道他们在这里做什么,但我想说你永远不应该故意向客户端发送敏感数据或任何你想隐藏的东西,无论它是否加密。这不仅很危险(如果您的加密有可能被破坏),而且还浪费带宽。
如果出于某种原因您绝对需要在源代码中保留某些内容,那么您应该有一个预发布工作来将其删除,这样它就不会被发布。
I don't know what they're doing here, but I'd say you should never intentionally send sensitive data or anything you want to hide to a client, regardless of whether it's encrypted or not. Not only is it dangerous (if by some chance your encryption is broken) but it is wasting bandwidth.
If you absolutely need to keep stuff in your sourcecode for some reason, then you should have a pre-release job to strip it out so it never gets published.