Page 1 of 1

how to hide the html code ?

Posted: Fri Nov 20, 2009 7:28 am
by awdhut
hi,
I create online test page.(HTML,PHP,MySql).
Any one can copy the page.
My intention is that no one can copy/save the page from
1) key-board(ctrl+c)
2) File (menu bar)
presently,I use "no right click" Javascript code to avoid
the page copy.
Please help me.

Re: how to hide the html code ?

Posted: Fri Nov 20, 2009 7:39 am
by timWebUK
No one can view your PHP or MySQL as that is processed server-side, why do you want to hide your HTML? Nothing that can compromise your security should be on the client side - i.e., passwords stored in Javascript, etc.

Re: how to hide the html code ?

Posted: Fri Nov 20, 2009 7:40 am
by papa
You can make it harder with frames, but other than that i don't think it's possible.

Re: how to hide the html code ?

Posted: Fri Nov 20, 2009 7:49 am
by jayshields
It's not possible.

Re: how to hide the html code ?

Posted: Fri Nov 20, 2009 9:04 am
by Apollo
If you really want (but you shouldn't), you can obfuscate it by encrypting your html and decrypting it in javascript. For example:

example.html (this merely uses good ol' lame base64 encoding as "encryption", but you get the idea)

Code: Select all

<html><head><script type="text/javascript">
<!--
function Decrypt(ultraSecret)
{
    var output = "";
    var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
    var i = 0;
    ultraSecret = ultraSecret.replace(/[^A-Za-z0-9\+\/\=]/g,"");
    while (i < ultraSecret.length)
    {
        enc1 = b64.indexOf(ultraSecret.charAt(i++));
        enc2 = b64.indexOf(ultraSecret.charAt(i++));
        enc3 = b64.indexOf(ultraSecret.charAt(i++));
        enc4 = b64.indexOf(ultraSecret.charAt(i++));
        chr1 = (enc1 << 2) | (enc2 >> 4);
        chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
        chr3 = ((enc3 & 3) << 6) | enc4;
        output += String.fromCharCode(chr1);
        if (enc3 != 64) output += String.fromCharCode(chr2);
        if (enc4 != 64) output += String.fromCharCode(chr3);
    }
    return output;
}
document.write(Decrypt("PGgxPkhlbGxvITwvaDE+PGhyPlRoaXMgaHRtbCBpcyA8Zm9udCBjb2xvcj0jZmYwMDAwPmVuY3J5cHRlZDwvZm9udD4gOik"));
//-->
</script>
</head><body></body><html>

Re: how to hide the html code ?

Posted: Fri Nov 20, 2009 9:09 am
by jayshields
Then all you do is use anything slightly more sophisticated than the browsers' built-in "View Source" function to view the actual DOM in real-time.

Re: how to hide the html code ?

Posted: Fri Nov 20, 2009 9:39 am
by Apollo
Of course, or you put an extra escape() around the decrypted result to get the html printed readable. It's just a minimal barrier against average users, and probably works against more people than the anti-right-click script imho. But obviously it doesn't offer any real protection.

Then again, there isn't a real problem either, because as mentioned already any sensitive info should remain server-side in PHP/SQL in the first place.

Re: how to hide the html code ?

Posted: Fri Nov 20, 2009 10:51 am
by iankent
There is no solution to the problem. Even obfuscation is pointless as it can still be undone. And as jayshields says, you can just view the DOM instead!

Also, javscript tricks to block right clicking don't work. There's a View Source on the most browser menu bar too, usually under View or Tools. And even if you could block that, you can open HTTP pages using Microsoft Word and view them as a text file, so it never gets rendered as HTML and you have no control over what happens to the text.

Because of the nature of how HTML/Javascript etc. work, there is absolutely no solution. Any code you write MUST be able to be decoded by the web browser (otherwise it won't display...), and if the web browser can decode it, so can other programs and people. It's that simple. The same applies to .Net applications and C++ applications. This is why anti-piracy protection almost always fails, and when it doesn't it makes life hell for anybody trying to use the product legitimately.

I just hold on to something I was told a long time ago - most people won't try or don't understand, and for those who do it'll take longer to unpick your work and steal your code than it would for them to rewrite it themselves. So don't worry about it :)

As for PHP, timWebUK is correct, as long as your server always parses the PHP files, nobody will ever get to see the code, just possibly some error messages if things go wrong.

Re: how to hide the html code ?

Posted: Fri Nov 20, 2009 1:17 pm
by awdhut
All of you
Thank you.
Thank you very much sir.