Disable view-source function .
How can I disable the view-source protocol to make my source code invisible to users ?
I have searched in many pages and I haven´t found a good solution.
I am working with traditional asp and javascript ; maybe there is away to detect if someone has typed in the address field something like "view-source:http://mypage" from asp and don´t show my real pages if that happens ; something like when I detect if a browser doesn`t have cookies enabled and I redirect the user to other page .... Well that`s an idea , but I do´nt know how to express that in code .
Maybe It´s impossible to disable this function but It would be good to detect if someone is trying to use it and show some different page .
I am sure You guys have some ideas .
thanks in advance .
I have searched in many pages and I haven´t found a good solution.
I am working with traditional asp and javascript ; maybe there is away to detect if someone has typed in the address field something like "view-source:http://mypage" from asp and don´t show my real pages if that happens ; something like when I detect if a browser doesn`t have cookies enabled and I redirect the user to other page .... Well that`s an idea , but I do´nt know how to express that in code .
Maybe It´s impossible to disable this function but It would be good to detect if someone is trying to use it and show some different page .
I am sure You guys have some ideas .
thanks in advance .
Hi
Unfortunately, you can't stop that from happening. What you can do is put so many blank lines in front of your source that many people may believe it to be empty if they don't see the scrollbar. That messes up header sending, etc. so it's not a good option, but it's the only one I can think of.
Regards,
Zyloch
Unfortunately, you can't stop that from happening. What you can do is put so many blank lines in front of your source that many people may believe it to be empty if they don't see the scrollbar. That messes up header sending, etc. so it's not a good option, but it's the only one I can think of.
Regards,
Zyloch
as they have said - there is no way to stop users from viewing source...however there are programs that encrypt the HTML to very strange values most poeple would never care to rummage through...some are free, others have free trials...but here are the results of a google search for you to browse:
http://www.google.com/search?hl=en&ie=UTF-8&q=html+encryptor
-Matt
http://www.google.com/search?hl=en&ie=UTF-8&q=html+encryptor
-Matt
ASKER
What about doing something like detecting if someone has typed in the address field something like "view-source:http://mypage" from asp and don´t show my real pages if that happens ; is that possible ?
Hi felixyo,
anything before http:// can not be modified by server side or client side scripting. That is the client browser property and he/she can do that and can not be detected or modified.
Regards,
---Pinal
anything before http:// can not be modified by server side or client side scripting. That is the client browser property and he/she can do that and can not be detected or modified.
Regards,
---Pinal
No. And that's not how most people look at the source, anyway.
Impossible. Because the URL typed is not your page, it's just view source, your script can't detect it. View source doesn't run your script.
Regards,
${Zyloch}
Regards,
${Zyloch}
Oopz, sry webwoman, stale window.
refer to this link, it has a bunch of threads and the question is the same as yours:
https://www.experts-exchange.com/questions/20661699/Disable-view-source.html
https://www.experts-exchange.com/questions/20661699/Disable-view-source.html
ASKER
Ok this is what I understand ; for instance I can detect from which Ip the client is connecting , which Kind of Browser does he/she has , If it has cookies enabled , querystrings , etc .but It`s imposiible to detect what She/he Typed in the Url before the http:// .
I think I have lost 300 points with this question ... oops ; My code doesn´t have anything special to hide ; the Thing was that I am combining the opener property and open method in javascript to open an intranet application in full screen ; without any bars or everything . I discovered I can type view-source:http://mypage and see my source code ; so in that way users can see the page I am opening with window.open in full screen and they can open that page in a normal window with bars , etc . Since I was doing that in this way my site is not going to be seen in full screen always .
I still can try the encripters ; thanks .
I think I have lost 300 points with this question ... oops ; My code doesn´t have anything special to hide ; the Thing was that I am combining the opener property and open method in javascript to open an intranet application in full screen ; without any bars or everything . I discovered I can type view-source:http://mypage and see my source code ; so in that way users can see the page I am opening with window.open in full screen and they can open that page in a normal window with bars , etc . Since I was doing that in this way my site is not going to be seen in full screen always .
I still can try the encripters ; thanks .
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
encoders work well and can be very effective, as Cobol mentioned, but there are some very good encryptors available too. I've used Codelock (http://www.codelock.co.nz/) on some of my php scripts, and I know that it also has the ability to encrypt html pages (encrypts your source code and/ also encrypts your html output.) Hope that helps you out some.
I will repeat: YOU cannot hide source code because the browser has to be able to read it and that means you can view it easily in the DOM. That link is for a PHP SERVER SIDE CODE!!!!!!!!! What is does to HTML is just encoding.
I aloways find it interesting that all these sites that claim to be able to hide your code never demonstrate their product by using it on their own pages. That is because people like me would post the code in threads like this and the gullible who might be taken in by those scams would not pay good money for swindleware.
Cd&
I aloways find it interesting that all these sites that claim to be able to hide your code never demonstrate their product by using it on their own pages. That is because people like me would post the code in threads like this and the gullible who might be taken in by those scams would not pay good money for swindleware.
Cd&
The only way to keep people from seeing the source to your web pages is to keep them from seeing the web page at all.
CD I love your answers ...
http://pfex.sourceforge.net/ would be an example of an algorithm but you are welcome to waste your money on a commercial product :) In fact if you'll pay money I'll write you one ...
Another mechanism which can be VERY effective if you only want to support IE is to get your html from a webservice on the client side http://www.gotdotnet.com/playground/services/webservice_behavior.aspx
another option can be to make your entire site an activex control ...
I agree with CD on this though, any of these methods boil down to security through obscurity and should therefor NOT be relied upon.
http://pfex.sourceforge.net/ would be an example of an algorithm but you are welcome to waste your money on a commercial product :) In fact if you'll pay money I'll write you one ...
Another mechanism which can be VERY effective if you only want to support IE is to get your html from a webservice on the client side http://www.gotdotnet.com/playground/services/webservice_behavior.aspx
another option can be to make your entire site an activex control ...
I agree with CD on this though, any of these methods boil down to security through obscurity and should therefor NOT be relied upon.
CD's answers says all. Perfect!
Regards,
---Pinal
Regards,
---Pinal
I was just thinking how I could probably occupy my whole life listing reasons why he's better than me.
As others have said you cannot prevent people from viewing your source. However if you are using server side scripts like ASP then no one will be able to see your scripts because server side scripts are interpreted on the server and onle plain HTML is sent to the client's browser.
Now every developer knows that HTML does not carry much but just page formatting tags. All teh sensitive stuff and secrets of your web site are on the server side script. Hence anyone attempting to view source will see plain HTML which is actually difficult to understand coz its a result of the interpretation of the server.
You can relax knowing that no one can copy your code-just send the sensitive stuff to the server side.
Now every developer knows that HTML does not carry much but just page formatting tags. All teh sensitive stuff and secrets of your web site are on the server side script. Hence anyone attempting to view source will see plain HTML which is actually difficult to understand coz its a result of the interpretation of the server.
You can relax knowing that no one can copy your code-just send the sensitive stuff to the server side.
The short answer to how to do this is you can't. The slightly longer answer is that you can't if your pages use HTML.
When someone views your page, their browser needs to be able to read your source code in order to be able to determine what your page contains and how to display it. The browser first copies the source from the internet to the user's Temporary Internet Files folder on their computer prior to rendering the page in their browser window. In many cases the source code for your page is still stored on their computer even after they have disconnected from the internet. Anyone with a text editor on their computer (and that's everyone with a computer) can then access your source code by editing these files that are stored on their own computer. If you stop them from being able to download your pages like this then you also stop them from being able to read your page at all so you may as well not upload it in the first place.
With HTML pages on the web, the only thing that you can do is to make things harder for novices who might want to learn from your code, anyone who wants to steal your code knows ways around all of the obstacles and will still be able to steal your page.
The most common thing that people do to discourage novices from viewing their source code is to use a Javascript to disable the menu that displays when you right click on the page. You can find scripts to do this on just about any Javascript site and there are lots available on Javascripts.com. Unfortunately, the view source option on this menu is just a shortcut to the source and does not stop the user from selecting the same option from the view menu in the browser menu bar. Also there is nothing to stop visitors to your site from turning off the Javascript support in their browser so as to bypass any scripts you might have used.
Another trick is to place a large comment (of fifty lines or so) in the top of your source that advises that your source is protected and cannot be viewed. Novices may not realize that they only have to page down to find the source code.
You can find more information about the various ways that can be used to access and view the source code of html pages regardless of what "protection" the page author has implemented on the page "Viewing Someone Else's Source". Often being able to view the source of other people's pages is a good thing because it enables us to see how other people have been able to achieve the various effects implemented in their page and thus improve our knowledge of html, javascript, etc.
Unfortunately, the way the web works, all of the images on our page are also easily accessible along with the source code so there is no way to protect these from being stolen either. The best that we can do is to embed a copyright notice into the image itself which will hopefully discourage visitors from stealing them. For information about one way to place copyright notices into your images using Photoshop see "Adding a Copyright Notice".
A Solution
The only real way to create web pages where the source cannot be viewed is to not use HTML. HTML is designed so that it can be created in a text editor and anyone with a text editor can read it.
Portable Document Format (PDF) files can also be displayed in a web browser (and display exactly as created rather than being rendered by the browser). PDFs require Adobe Acrobat to be able to create fully functional web pages and a freely available for download Acrobat Reader to be able to render them on the screen (a plug-in allows PDFs to render in browser windows).
Try to access the PDF source using a text editor and all you see is a mess of characters. Yes it is possible to extract the text from one of these files with a large amount of effort but the formatting information is in a totally unusable form. The only way to properly see the page complete with all of its formatting is to use Acrobat Reader or the full Adobe Acrobat product.
With PDF you can even build security into your page that restricts what people can do with your page (even if they have Acrobat) unless they know one of two passwords. One password is used to stop the page from being able to be opened at all by anyone who doesn't know it. The other password can be used to stop people who are viewing the page from performing one or more of the following: printing the page, changing the page, selecting text and graphics, and adding or changing note or form fields. This Acrobat Example page cannot be printed or edited by you even if you own a copy of the full version of Acrobat.
When someone views your page, their browser needs to be able to read your source code in order to be able to determine what your page contains and how to display it. The browser first copies the source from the internet to the user's Temporary Internet Files folder on their computer prior to rendering the page in their browser window. In many cases the source code for your page is still stored on their computer even after they have disconnected from the internet. Anyone with a text editor on their computer (and that's everyone with a computer) can then access your source code by editing these files that are stored on their own computer. If you stop them from being able to download your pages like this then you also stop them from being able to read your page at all so you may as well not upload it in the first place.
With HTML pages on the web, the only thing that you can do is to make things harder for novices who might want to learn from your code, anyone who wants to steal your code knows ways around all of the obstacles and will still be able to steal your page.
The most common thing that people do to discourage novices from viewing their source code is to use a Javascript to disable the menu that displays when you right click on the page. You can find scripts to do this on just about any Javascript site and there are lots available on Javascripts.com. Unfortunately, the view source option on this menu is just a shortcut to the source and does not stop the user from selecting the same option from the view menu in the browser menu bar. Also there is nothing to stop visitors to your site from turning off the Javascript support in their browser so as to bypass any scripts you might have used.
Another trick is to place a large comment (of fifty lines or so) in the top of your source that advises that your source is protected and cannot be viewed. Novices may not realize that they only have to page down to find the source code.
You can find more information about the various ways that can be used to access and view the source code of html pages regardless of what "protection" the page author has implemented on the page "Viewing Someone Else's Source". Often being able to view the source of other people's pages is a good thing because it enables us to see how other people have been able to achieve the various effects implemented in their page and thus improve our knowledge of html, javascript, etc.
Unfortunately, the way the web works, all of the images on our page are also easily accessible along with the source code so there is no way to protect these from being stolen either. The best that we can do is to embed a copyright notice into the image itself which will hopefully discourage visitors from stealing them. For information about one way to place copyright notices into your images using Photoshop see "Adding a Copyright Notice".
A Solution
The only real way to create web pages where the source cannot be viewed is to not use HTML. HTML is designed so that it can be created in a text editor and anyone with a text editor can read it.
Portable Document Format (PDF) files can also be displayed in a web browser (and display exactly as created rather than being rendered by the browser). PDFs require Adobe Acrobat to be able to create fully functional web pages and a freely available for download Acrobat Reader to be able to render them on the screen (a plug-in allows PDFs to render in browser windows).
Try to access the PDF source using a text editor and all you see is a mess of characters. Yes it is possible to extract the text from one of these files with a large amount of effort but the formatting information is in a totally unusable form. The only way to properly see the page complete with all of its formatting is to use Acrobat Reader or the full Adobe Acrobat product.
With PDF you can even build security into your page that restricts what people can do with your page (even if they have Acrobat) unless they know one of two passwords. One password is used to stop the page from being able to be opened at all by anyone who doesn't know it. The other password can be used to stop people who are viewing the page from performing one or more of the following: printing the page, changing the page, selecting text and graphics, and adding or changing note or form fields. This Acrobat Example page cannot be printed or edited by you even if you own a copy of the full version of Acrobat.
Nice comment, thug ;)
The even shorter answer is: You can't because other people can just keep scrolling down and grabbing your screen with Print Screen or a screen capturing program. If it's more than one page long, they'd just keep scrolling down or build a macro to do it for them.
Then, they can crop the image, w/e.
The solution:
Give people who buy your stuff an encryption key. Then, you can show the encrypted version online. Of course, that'll be useless because that defies the purpose of having them view it at all. The shorter solution: show them a sample chapter that you don't care about.
The even shorter answer is: You can't because other people can just keep scrolling down and grabbing your screen with Print Screen or a screen capturing program. If it's more than one page long, they'd just keep scrolling down or build a macro to do it for them.
Then, they can crop the image, w/e.
The solution:
Give people who buy your stuff an encryption key. Then, you can show the encrypted version online. Of course, that'll be useless because that defies the purpose of having them view it at all. The shorter solution: show them a sample chapter that you don't care about.
you can not stop user to see the source. That is the client side code and they can always see it, somehow!
Regards,
---Pinal