Link to home
Start Free TrialLog in
Avatar of moe10
moe10Flag for United States of America

asked on

protect my html code?

How can i make it so nobody can view or copy the html code on my page???
Avatar of DKostov
DKostov

No way
In order for the browser to display the page it has to download the code. If I display your page on my machine. It has to be in readable format for the browser to execute it.  

There is nothing you can do to prevent me from having access to the code for a page on my computer.

I know that's not the answer you want to hear, but it's the only one there is.

Cd&
You can use that little javascript code
but it will only keep your code free from those newbies that only steal code :) ( what the most of us was and are for sure!! :)


function protect() {
    if (event.button==2){
        window.alert(You can't see the code.')
    }
}
document.onmousedown=protect


but of course , to get around this just click shift + f10
:) the option to see the code appears :))

[]'s

:..:::..::...::..::...::..::
handful of nothing
:..:::..::..::..:::..::..:.:

Avatar of moe10

ASKER

Is it possible to integrate another file that is located on your web page directory. And make it so the html code will check for this file and if it is not there it will not run. So then nobody could stell your code because they would not have the file that is needed to run the script.
it is not possible to hide your html code.  i dont understand why you would even want to, considering the complexity of html being just about nill.  the only thing that i can tell you is you can put your page in frames, so that if they view the source code they will see only how the frames are set up....but all you have to do is open the frame in a new window and view the source from there....sorry.
I always like to come into these kinds of questions because sometimes I get to add to a file I keep called "attempts to solve the impossible".

If the the code is going show a page on my machine, I have the code. It is on my machine and I can access anything on my machine, but I don't even need to bring the page in, I can get the code.

Frames always get suggested , as does JavaScript.

Look at the source of a frames page.  It contains the URLs of the pages. If I want to see that code Iuse this an a location:

view-source:http://"rest of the URL"

and it displays the code.  I can do the same thing for scripts and stylesheets.

The only thing that has not been suggest yet is encripted JavaScript, which is easily decripted after I have it on my machine.

You can discourage the casual surfer, but you cannot prevent access to the HTML, and almost all attempts result in a less enjoyable and effecient site.

That is THE answer!

Ooops, I forgot one other one: Put in a 1000 to so blank lines at the beginning, or in hte middle of the code, and it will look like there is no code.  The will add to load time, and won't fool anyone who wants your code.

Cd&
LoL Cobol I laugh so much when I see this "the 1000 blanks on the beginning
" and also the frame , I remember a site that had 5 frames let a little window on the midle wit a table full of images... so I don't even needed to open in another window ( was javascript ) o put a url in the locatin bar , I just click in a image and press
shift + f10 again  :)))

Well this topic stop where cobol said

you cannot prevent access to the HTML

And let's be honest, if you have a good code , that anyone would wants to copy , for sure you'll get the merit that you deserve it. and if you do something really great all of us will now who stolen who.

so.. do your code, and don't give a **** to those who copy it, someone will for sure know that he copied .


[]'s


:..:::..::...::..::...::..::
handful of nothing
:..:::..::..::..:::..::..:.:
handful,

>>>and don't give a s**t to those who copy it

Please be careful with your choice of word, some people could find that offensive.

Cd&

Use server side stuff and don't send the user anything useful!!
??? ... server sid stuff ... ????

Such as...

Cd&

Like write a DLL accessed through CORBA and have it generate HTML automatically, and just pass ID numbers on submit.  That way you don't have to give away any sophisticated code onto your webpage.

Then again client side is alright for some things!!! :?
>>>Generate HTML automatically

Which still has to be sent to the client for the browser to interpret. If you don't send the code to browser there is nothing for it to display.

Read the question:"How can i make it so nobody can view or copy the html code on my page???"

It does not matter how you generate the HTML to have a page rendered on my computer you must send HTML for the browser to interpret.  Any HTML that my browser interprets, I can acquire and view, and save.

How come no one has recommended an applet yet -- because its not HTML is it.

Cd&

Add the two following lines in your HEAD tag:

<META HTTP-EQUIV="EXPIRES" CONTENT="now">
<META HTTP-EQUIV="pragma" CONTENT="no-cache">

I know that other techniques exist, that desable right-click and source-view but this erases the page just after downloading and writes it only to memory. I think that NOKIA's web site has a code protected frame.
I'll try to steel the code because HTML-JavaScript code can always be seen.
Arno_webmaster.
This is pointless.  Does not work.  The HTML is still on the client. The "answer" is no more effective than some of the other comments. Please convert to a comment like everyone else, and assume that moe10 will select the most useful comment.

Cd&

BTW, those tags don't prevent caching they just tell the browser not to reload the page from cache, which forces it to go back to the site for such simple things as using the back button.

Cd&
you are hillarious COBOLdinosaur.

IT DOES NOT WORK PEOPLE.  YOU CANNOT DO IT.  HERE IS THE SOLUTION TO HIDING YOUR HTML CODE:


Dont have a web page.........



sorry had to do it.  this thread should end.....
Please don't shout. ;)

Cd&
Avatar of moe10

ASKER

Please don't stop the comments i find them very entertaining. Thanks for all the help!
I was begining to think you had left us.  There has been some fun and foolishness here, but by now I think you get the idea, there really is no solution, put on a copyright notice and ask the folks who stel your code to at least acknowledge that you are the author.

Cd&

To finish this off let me give you the ultimate code thief.  Anyone with a little bit of progamming skill can write their own browser.  To get the code for a page all the program has to do is send a message like any other browser, and the page will be delivered to it.

The program can now do what it wants with the contents of a page, like save it to a file.

Even if what is delivered compiled code in the form of say an applet, it can be disassembled and reverse engineered. Now that takes a little bit more advanced thief, but it's not rocket science.

If a hacker/cracker wants your code and you publish on the Intranet, there is no way to prevent hime from getting the code you need to render the page.

Cd&
I agree with many of you above. To complete my last message, here is a code that disables right click and save to disk. This can help to protect code from dummies.

<HEAD>
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
function protect(e) {
alert("Sorry, you don't have permission to right-click.");
return false;
}

function trap() {
if(document.images)
for(i=0;i<document.images.length;i++)
document.images[i].onmousedown = protect;
}
// End -->
</SCRIPT>
</HEAD>

<BODY OnLoad="trap()">
<p><center>
<font face="arial, helvetica" size="-2">Free JavaScripts provided<br>
by <a href="http://javascriptsource.com">The JavaScript Source</a></font>
</center><p>
If you send me the code you want to protect, I will encrypt it for you. I can then convert it to hexidecimal javascript. This will be almost impossible to steal. By the way, I can also make it so it will only run on your server. Email tjdw@home.com if you would like my help.
tjdw , to appears in the browser.. some html will be processed, so code will be read .
what, handful?
Don't bother with him handful he's jsut a point thief.  He can't answer question so he tries to steal contest entries with autograded non-answers.

question history:

Questions answered:11
Autograde: 9

Currently working his way acrss the site to see how many more contest entries he can steal.

Cd&
tjdw  https://www.experts-exchange.com/info/expertonly.html says:
"Please propose an "Answer" only when you are sure it will solve the questioner's problem. It is difficult for experts to find questions in need of answers when members interested in only obtaining points have locked questions."

When you "answer" a question, rather than posting a comment, it removes the question from the active question queue until either the person posting the question has a chance to respond, or until you convert your answer to a comment. This is unfair to the person posting the question.

Once the questioner sees a comment that he feels answers his question, all he has to do is click Accept Comment As Answer in the Green Bar for the comment he wishes to select. (You don't see that link, but the questioner does).

Also if he wants his file encrypted http://codeseal.com/ will do that for him, and it is not an effective way to protect web page code (there really is not a way, other than doing most of the heavy lifting stuff server side, in ASP, Perl, or some other language, and just generating HTML code for one particular situation.
Hello everyone,

tjdw - Will you be available for the next 5 or 10 years to provide your solution to future buyers/viewers of this question if your proposed answer is accepted?

Please do not offer email solutions unless there is no alternative. We will end up removing the Expert points and deleting the PAQ in many cases.

If you can post your solution then please do so.

I am rejecting the proposed answer.

darinw
Community Support
you go darinw.....you too singleton.....

I think this question should be over and done with.  Most of us have concluded that there is no way to hide html code.  If you go sever-side, html is still generated and sent to the visitors/users browser.  That is how it works.  No matter what you do html will be generated!

Right-Click prevention scripts are not a solution either.  With most systems, if you just hold down the left mouse button, and click the right button, the script is not interpreted correctly therefore making your code useless.  Besides that, any computer savy person knows how to navigate with just there keyboards.  Also, have you heard of clicking on the view menu at the top of the screen and clicking on source(in ie), or page source(in ns)?  Nope I am not done, how does a right click prevention script work on a mac?  It doesn't, most only have 1 mouse button.
Well everyone has been 100% right in this lengthy question.  Do you:

       -Give the points to first technically correct but not completely thourough answer (DKostov)

or

       -Give the points to the one that helped the most and spent the most time trying to explain it to you (COBOLdino) the way i see it.

============

Either way .... DO SOMETHING PLEASE - i'm sure these good people have better things to do.
Mimic34 is right, time to close the question...you still with us moe10?

Cd&
Why not give the points to an impartial bystander?
Try to find the source code for this page... I could not find it... ;-)
https://online.hbs.net.au/banking/HBSlogin.html
You can construct your html file in the following way:
1.build and .js included file with js function that will write the HTML, using document.write(...)
2.in the original file call the included function...
3.that's it
egbservices,

Note the protocol on the url https instead of http.  That means its a secure site using SSL (secure socket layers.  I can still get the code if I am willing to break the law.  I'm not going to post the method here because this is not a hacker/cracker site.

Cd&
Could anyone tell me what should happen?
I went to the given url
asked to show the code , and it appears normaly.
Why it shouldn't cobol?
the code has only a checkbrowser

[]'s

:..:::..:::..::..:::..:
handful of nothing
:..:..:::...::..:::.::.



<html>

<head>
<meta http-equiv="Expires" content="Mon, 09 Jul 1970 00:00:00 GMT">
<meta http-equiv="Pragma" content="no-cache">
<title>Heritage Online - Checking for JavaScript</title>
</head>

<body background="HBSimages/bankback.gif" bgcolor="#FFFFFF" TEXT="#000000" link="#000000"
vlink="#000000" alink="#000000">
<script language="javascript1.2">

        document.open()
        document.writeln("<HTML><HEAD><title> - Connecting... Please wait</title></HEAD>")
        document.writeln("<BODY>")
        document.writeln("<br><center><H2>Connecting... Please wait.</H2></center><br>")
        document.writeln("<form name=dlform method=POST action=/ScriptsV2/login2.asp>")
        document.writeln("<input NAME=CUID value=HBS type=hidden>")
        document.writeln("</form>")

        document.writeln("<script language=JavaScript>")
        document.writeln("document.dlform.submit()")
        document.write("</sc")
        document.writeln("ript>")

        document.close()
</script>
<noscript>


<table>
  <tr>
    <td><p align="center"><img src="/banking/HBSimages/logo2.gif" tag="NetTeller Logo"
    WIDTH="324" HEIGHT="77"></p>
    <h1 align="center">We're Sorry, your browser either does not</h1>
    <h1 align="center">support JavaScript or has had</h1>
    <h1 align="center">JavaScript disabled.<br>
    </h1>
    <hr>
    <p align="center"><big>Heritage Online requires a browser which supports JavaScript V1.2
    or later.</big></p>
    <hr>
    </td>
  </tr>
</table>
</body>
</html>
It check for javascript enabled because it uses dynamic scripting for the secure session and a lot of stuff gets hidden in encripted secure layers and the control of the session requires server side support using secure protocols.  The code you see in view source is just the top layer.

Cd&
Well it looks like the information in moe10's profile is accurate, fails to grade, and when he does he disrespects the experts anyway.  

moe10,

You won't see me in your Qs in the future. I'm not going to waste my time on you, when there are people who appreciate the free services that that receive from the experts who volunteer here.

You have wasted the time of 12 experts by failing to post for 11 days, and now all the information accumulated will be lost to autodelete because of your immature behaviour.

Cd&
ASKER CERTIFIED SOLUTION
Avatar of adamhadley
adamhadley

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of moe10

ASKER

thanks to the 11 experts who helped me.