Hide url in javascript


I have this situation where I need to be able to hide a url that can be seen when you go to the view source of a page. So for example the javascript code looks like this when you inspect the source code:

   <script type='text/javascript'>
file: 'rtmp://arken.crossnet.net/flashfiles/111111-p1_Arken_Mp4_H264.mp4',
type: 'rtmp', 
title: 'Väckelsemöte Älmhult', 
 width: '100%', 
aspectratio: '16:9',
skin: 'modieus', 
fallback: 'false', 
 autostart: 'false', 
stretching: 'exactfit', 
logo: { 
file: 'images/kanal10_100px.png', 
link: 'http://kanal10.se' 

Open in new window

What I would like is to hide or encrypt the tag 'file' so if you try to copy and apply it anywhere outside this site it is not possible. Is this possible? And if how do I do it?

Thanks for help!


* The site I work with is a asp.net site
Peter NordbergIT ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Julian HansenCommented:
Why do you want to do this?

A URL on a page cannot be hidden - all you need to do is right click and select copy location - you don't need to go to the source.

If you are trying to hide the url of the MP4 you would be better doing something like this

Have a generic URL that calls back with an ID - the ID is linked to a specific file which you then stream back.

To make the URL non-copyable make the id dynamic linked to a time limit i.e. when the page is requested create a unique id and link it to the relevant file - with a timestamp.

When the request comes in through the generic url, retrieve the ID and check it against the saved version - if the current time is more than a certain number of ticks off the saved timestamp the url has expired so reject it - otherwise retrieve the path of the media file that was linked to the unique ID and send it back.

You could also extend this to a one time use - so after the ID has been requested you decrement a count - once the count reaches 0 the link is invalid.

Sometimes multiple requests to a media file are required which would mean a timestamp might be better suited - but a single use count could also work - experiment with your specific setup.

You could also obfiscate the name in javascript so in your call
file: decrypt('@#KI$RMIIO$%IJ#I$%IJ$%OMDGSO#$'),  

Open in new window

Where the parameter to the decrypt function is a scrambled version of the URL (above is just random letters to demonstrate the concept)

Create a function called decrypt that then decrypts the url.

This will hide it from your view source voyeurs but anyone with some web-dev experience will be able to reverse engineer your url.

So depends on who you are trying to hide from - general public (bBut does not matter if a few get around it) - as few as possible (make it hard for everyone).

The javascript solution will work for the first and the solution discussed in the opening section of this post will do for the second.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Peter NordbergIT ManagerAuthor Commented:
Hi and thanks for answer,

the reason that I want to do this is that it is supposed to be a subscription site and people pay a fee for watching the videos. Right now the videos are not protected on the streaming server so when someone is logged in they can view the source and copy the url and put it on their Facebook site.

Do you have some code examples for decrypting it?


Julian HansenCommented:
I guessed that was the purpose.

Decrypting - you can do anything from base64 encoding to xor'ing with a known key - whatever you do though is reversible.

If this is a subscription service then once someone has cracked the URL it stays cracked.

With the server side solution - URL's become inactive after a time without you having to change your backend media storage.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.