Page 1 of 1

Hide what it says in bottom bar?

Posted: Sat Jan 25, 2003 8:36 am
by eyeronik
Hi, i need to hide what it says in the bottom left bar at the left when i click a link, but its not a normal link its a new window style one.

this is the code im using:

Code: Select all

<SCRIPT language="JavaScript">
<!--
function n_window(theurl)
&#123;
// set width and height
var the_width=750;
var the_height=500;
// set window position
var from_top=0;
var from_left=0;
// set other attributes
var has_toolbar='no';
var has_location='no';
var has_directories='no';
var has_status='no';
var has_menubar='no';
var has_scrollbars='yes';
var is_resizable='yes';
// atrributes put together
var the_atts='width='+the_width+', height='+the_height+', top='+from_top+', screenY='+from_top+', left='+from_left+', screenX='+from_left;
the_atts+=', toolbar='+has_toolbar+', location='+has_location+', directories='+has_directories+', status='+has_status;
the_atts+=', menubar='+has_menubar+', scrollbars='+has_scrollbars+', resizable='+is_resizable;
// open the window
window.open(theurl,'',the_atts);
&#125;
//-->
</SCRIPT>
Currently it says:

javascript:n_window('pathto/file/index.html');

This is no good, it also shows this if i right click it, i dont want people to know where the file is stored, does anyone know what i can do? is there anything i could add in my code to hide it?

Posted: Tue Jan 28, 2003 2:34 am
by DaZZleD
you could always use the onClick like this:

<font onClick="n_window('URL')">former_link_text</font>
and CSS to format it just like a link.

you might also want to use the function in an external file and use an array that has a URL assigned to every ID and call the function by the assigned array ID for the URL you need. a view source would protect somewhat the script and the array with the URLs.

however the user can always right click the new window to see what page is loaded. this can be prevented by using a script that doesn't allow right clicks on the new window, and by not using adress bar for the window.

hope it makes sense... :)
if not, just ask :wink:

Posted: Fri Feb 21, 2003 11:20 am
by cwcollins
I'm betting yout anchor tag looks something like this

Code: Select all

<a href=javascript:n_window('pathto/file/index.html');>Link text</a>
The easiest (will work in browsers without good css support(i.e. old NS)) way to do this is to use something like this instead

Code: Select all

<a href=# onClick="javascript:n_window('pathto/file/index.html');">Link Text</a>
You could also use the onMouseove event to set the status bar to blank, or better yet, to something descriptive.

But a "view source" on the page will still reveal the path with either of these solutions. Even if you disable the right click, most browsers have a keyboard shortcut for "view source". Additionally, the page will be in the users cache. The only real way to prevent this is to move the actual path/file information out of the script and have the work done server-side.

c.collins

p.s. That <font onClick> idea is pretty cool. that never occurred to me. Any idea about what browsers that will work in?

Posted: Fri Feb 21, 2003 8:20 pm
by Skyzyx
... or you could leave your stuff as-is, and in the head do this:

Code: Select all

setInterval("window.status='';", 500);

Posted: Fri Feb 21, 2003 11:13 pm
by cwcollins
Right, but you'll still have the view source issue.

Posted: Sat Feb 22, 2003 12:41 pm
by Skyzyx
You'll always have the view-source issue. You can't hide your client-side code! For your own benefit, I'd suggest not wating your time trying to hide it.

Posted: Sat Feb 22, 2003 12:57 pm
by cwcollins
right, if you really need to hide the paths, you'll have to go server-side...

That said, here are a couple of interesting ways that people have come up with to try to hide or protect client-side code:

http://webdeveloper.earthweb.com/webjs/ ... .php/18091
http://www.inet.hr/~tsereg/en/jse/index.html
http://javascriptstation.com/scripts/Security.html

-c.

Posted: Sat Feb 22, 2003 1:31 pm
by twigletmac
The basic flaw in any attempt to protect the source of the page is the fact that it doesn't take much to circumvent the protection - often all it takes is disabling JavaScript. So although some people will be deterred, anybody who really wants to know where the file is stored will be able to find its location.

Use server-side code and it becomes easier because you do things like include files into other files or create temporary files with random file names.

As Skyzyx said, don't waste your time trying to protect client-side code, it's ultimately fruitless as no method is 100% foolproof. If you don't want anybody to know where a file is, don't put a link to it.

Mac

Posted: Mon Feb 24, 2003 3:38 am
by volka
and it can't be made secure since the browser has to understand somehow. Any efford (how smart it is) will be nullified if someone hits debug and reloads the page (in the debugger)