Hide/Encrypt HTML source like gmail?

Posted on 2005-03-16
Medium Priority
Last Modified: 2008-03-06
Does anyone know how to hide or encrypt the HTML of a webpage so that it is not viewable by the user?

ie, if you log into a gmail account, and view the source, you'll see what I mean.


ps, I know most people think it CAN'T be done effectively, so only optimists need respond ;-)
Question by:kbach
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 23

Expert Comment

ID: 13560503
You cannot encrypt HTML effectively, because, for any browser to render it, it must first be in plain text (with tags) -- so once it is in plain text, anyone can do "view source" and get all your code.  It is not possible.
LVL 23

Expert Comment

ID: 13560528
But, being an optomist, I am working on ideas where you CAN encrypt the basic data you are presenting.  That is a new idea that many have not sought.  Even then, once it is rendered in HTML, the data on that page is still able to be gotten by anyone, using "view source".  The key is, don't put all the data in one page, make it difficult.

If it is CODE you are trying to protect, there is only ONE solution -- you must use a server language like PHP or CGI, or maybe even ASP -- because the server code RENDERS the file to HTML before anyone sees it, they see only the HTML, and not the source code, so your source code is "protected".

Author Comment

ID: 13560549
‹       Ó5¶0±0672¶0²°4137510 .×Qø  

This is what's returned by doing a view source in gmail.  My question is, how did they do that?
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

LVL 23

Expert Comment

ID: 13560560
Now the non-optimist would say -- "Well, you can use server code to render anything you want, but given the output, and knowing which server language rendered it, I can pretty-much reconstruct the code that produced that output".  And they are right.  Whatever shows in the browser is copyable to a file on anyone's hard disk.

So the key here is -- "What are you trying to protect?"  Is it code, is it data, is it both?  Or is it just images?

A lot of people disable the right-click to stop people saving images.  Doesn't work.  Just do "view source" for the page, find out the name of the image from the html code, point the browser to that image path, and bang, you have got the image.

Optimist or not, the reality is -- WHATEVER the browser shows on screen is in savable, copyable text.  It can be saved by anyone, and cloned, if they want.  Anything you do on the server is hidden, but what the user sees, all of that is "stealable".  That is the truth of the situation, good or bad.....
LVL 23

Expert Comment

ID: 13560588
YOu are talking HTML, right, not gmail?  As long as the page comes to a person in HTML, it is not encrypted, and you cannot change that -- it is the browser "rules".  Gmail is not relevant to HTML.

I am working on encryption algorithms right now that will encrypt a bit database -- just like gmail, to run the text through a "cipher key" and it comes out as high-ascii, just like gmail shows.  And the main database looks much like what you printed, except most are like -- ╤╩∟■Ü♫Ü6╘89☼☻Ü?╩◙  that is high ascii.

However, once it gets into an html file, it is normal text, period.  Do you want to send people sncrypted code that is not in an HTML file?  That is another possibility, but how will they decode it to make it useful?
LVL 23

Expert Comment

ID: 13560606
oops, those ascii figures were translated by the JSP that renders EE pages into numbers -- that is not what I originally put in my comment -- it is a numerica translation of what I actually typed in.... sorry....
LVL 23

Accepted Solution

sciwriter earned 600 total points
ID: 13560633
The best you can do with HTML is OBFUSCATE IT -- make it difficult for the reader to figure out.  Remove all the spaces and lines between the code, pack it tight, put all the crucial stuff on one line, and use cryptic names for the various "labels" in your code.  As best, you can make HTML a pain in the neck to figure out.

However, we all go through this stage.  WHen we start creating HTML, we think it is SO unique, we must protect it.  Then the more you learn, the more you realize, Hey, the people that really know this stuff know a lot more than me.  Then you progress to the stage where you realize that anything you can think of, someone else out there knows how to do it better than you anyway.  Then finally, when you think you've become a guru, and you code is "worth protecting", that is about the time the browsers change all the rules, so you must learn it all over again....

Expert Comment

ID: 13560653
This page is informative on the subject:

Like sciwriter said though, there is no fool proof way to protect your code.  However, I think the best semi-practical approach however is to do the following:

First, make your users access the protected page by using a javascript link from another page.  This link should have the menu turned off.  This will prevent your users from being able to use "view >> Source".

Secondly, the protected page should contain a javascript function that disables right-clicking.  This will obviously prevent them from using "right-click >> view source".

This is by no means fool proof though.  While it will block most curious visitors, anyone who is semi web savvy can simly disable javascript (however you can also use javascript to prevent your page from being displayed if javascript is turned off).

Beyond that, there is really little you can do.  The bottom line is that when you make your page available online, the source code MUST be sent to your users web browser, and therefore your code is necessarily on their computer, and relatively easy to view for one who knows what they're doing.

If you need the actual javascript coding for what I described above, just ask... good luck.

Expert Comment

ID: 13560729
Try a program called HTML Protector. Maybe it'll work for you. It has a login feature too if you want one on your page. When you view the source, it's just a mass of letters that only the browser understands. It uses JS.

You'll have to shell a couple of bucks to get it, but I'll bet there are other programs that are free.


I've tried it before and it looks acceptable to me, but if you really need your page to be secure, follow sciwriter's suggestion about additional protection from JS using JS. ;-)

Featured Post

WordPress Tutorial 2: Terminology

An important part of learning any new piece of software is understanding the terminology it uses. Thankfully WordPress uses fairly simple names for everything that make it easy to start using the software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
In this tutorial viewers will learn how to style elements, such a divs, with a "drop shadow" effect using the CSS box-shadow property Start with a normal styled element, such as a div.: In the element's style, type the box shadow property: "box-shad…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question