Hide what it says in bottom bar?

JavaScript and client side scripting.

Moderator: General Moderators

Post Reply
eyeronik
Forum Newbie
Posts: 4
Joined: Sat Jan 18, 2003 12:11 pm

Hide what it says in bottom bar?

Post by eyeronik »

Hi, i need to hide what it says in the bottom left bar at the left when i click a link, but its not a normal link its a new window style one.

this is the code im using:

Code: Select all

<SCRIPT language="JavaScript">
<!--
function n_window(theurl)
&#123;
// set width and height
var the_width=750;
var the_height=500;
// set window position
var from_top=0;
var from_left=0;
// set other attributes
var has_toolbar='no';
var has_location='no';
var has_directories='no';
var has_status='no';
var has_menubar='no';
var has_scrollbars='yes';
var is_resizable='yes';
// atrributes put together
var the_atts='width='+the_width+', height='+the_height+', top='+from_top+', screenY='+from_top+', left='+from_left+', screenX='+from_left;
the_atts+=', toolbar='+has_toolbar+', location='+has_location+', directories='+has_directories+', status='+has_status;
the_atts+=', menubar='+has_menubar+', scrollbars='+has_scrollbars+', resizable='+is_resizable;
// open the window
window.open(theurl,'',the_atts);
&#125;
//-->
</SCRIPT>
Currently it says:

javascript:n_window('pathto/file/index.html');

This is no good, it also shows this if i right click it, i dont want people to know where the file is stored, does anyone know what i can do? is there anything i could add in my code to hide it?
User avatar
DaZZleD
Forum Commoner
Posts: 38
Joined: Tue Jan 07, 2003 5:39 am

Post by DaZZleD »

you could always use the onClick like this:

<font onClick="n_window('URL')">former_link_text</font>
and CSS to format it just like a link.

you might also want to use the function in an external file and use an array that has a URL assigned to every ID and call the function by the assigned array ID for the URL you need. a view source would protect somewhat the script and the array with the URLs.

however the user can always right click the new window to see what page is loaded. this can be prevented by using a script that doesn't allow right clicks on the new window, and by not using adress bar for the window.

hope it makes sense... :)
if not, just ask :wink:
User avatar
cwcollins
Forum Commoner
Posts: 79
Joined: Thu May 16, 2002 3:51 pm
Location: Milwaukee, WI, USA

Post by cwcollins »

I'm betting yout anchor tag looks something like this

Code: Select all

<a href=javascript:n_window('pathto/file/index.html');>Link text</a>
The easiest (will work in browsers without good css support(i.e. old NS)) way to do this is to use something like this instead

Code: Select all

<a href=# onClick="javascript:n_window('pathto/file/index.html');">Link Text</a>
You could also use the onMouseove event to set the status bar to blank, or better yet, to something descriptive.

But a "view source" on the page will still reveal the path with either of these solutions. Even if you disable the right click, most browsers have a keyboard shortcut for "view source". Additionally, the page will be in the users cache. The only real way to prevent this is to move the actual path/file information out of the script and have the work done server-side.

c.collins

p.s. That <font onClick> idea is pretty cool. that never occurred to me. Any idea about what browsers that will work in?
Skyzyx
Forum Commoner
Posts: 42
Joined: Fri Feb 14, 2003 1:53 am
Location: San Jose, CA

Post by Skyzyx »

... or you could leave your stuff as-is, and in the head do this:

Code: Select all

setInterval("window.status='';", 500);
User avatar
cwcollins
Forum Commoner
Posts: 79
Joined: Thu May 16, 2002 3:51 pm
Location: Milwaukee, WI, USA

Post by cwcollins »

Right, but you'll still have the view source issue.
Skyzyx
Forum Commoner
Posts: 42
Joined: Fri Feb 14, 2003 1:53 am
Location: San Jose, CA

Post by Skyzyx »

You'll always have the view-source issue. You can't hide your client-side code! For your own benefit, I'd suggest not wating your time trying to hide it.
User avatar
cwcollins
Forum Commoner
Posts: 79
Joined: Thu May 16, 2002 3:51 pm
Location: Milwaukee, WI, USA

Post by cwcollins »

right, if you really need to hide the paths, you'll have to go server-side...

That said, here are a couple of interesting ways that people have come up with to try to hide or protect client-side code:

http://webdeveloper.earthweb.com/webjs/ ... .php/18091
http://www.inet.hr/~tsereg/en/jse/index.html
http://javascriptstation.com/scripts/Security.html

-c.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

The basic flaw in any attempt to protect the source of the page is the fact that it doesn't take much to circumvent the protection - often all it takes is disabling JavaScript. So although some people will be deterred, anybody who really wants to know where the file is stored will be able to find its location.

Use server-side code and it becomes easier because you do things like include files into other files or create temporary files with random file names.

As Skyzyx said, don't waste your time trying to protect client-side code, it's ultimately fruitless as no method is 100% foolproof. If you don't want anybody to know where a file is, don't put a link to it.

Mac
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

and it can't be made secure since the browser has to understand somehow. Any efford (how smart it is) will be nullified if someone hits debug and reloads the page (in the debugger)
Post Reply