"Protecting" Javascript File Options

[Josh Thomas]

My mom has a website, and has spent quite a bit of money on having a javascript application developed, and wants to stop people from stealing it from her site.

I know there is really no way to completely protect a script from being stolen, other than to not use it at all, but I am looking for some way to make it slightly more difficult for a novice. The simplest method I have thought of so far is to give the .js file some ridiculous name (like "spyware.js"). Either that or to call several files, all with meaningless names, only one of which is the actual file. What are your thoughts?

[Brian Chandler]

Give up.

If this "javascript application" is really something specific to her needs -- which is the only case in which you would normally expect to pay lots of money to a programmer for it --- then it won't be of much direct use to anyone else anyway.

[Frederiek]

http://javascriptcompressor.com/

[pandy]

It works as little as the rest of them.

Take this.

CODE

alert:('Hello!');

Encode it.

CODE

eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('0:(\'1!\');',2,2,'alert|Hello'.split('|'),0,{}))

To get it readable again you just have to replace eval() with for example alert() or document.write(). Paste into a doc and try.

CODE

alert(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('0:(\'1!\');',2,2,'alert|Hello'.split('|'),0,{}))

[Christian J]

My mom has a website, and has spent quite a bit of money on having a javascript application developed, and wants to stop people from stealing it from her site.

Is she afraid that web sites of e.g. competing businesses will copy it? Otherwise, if the script is just a general enhancement it shouldn't matter if it's copied (it's the site's actual content that matters for the visitors).

I know there is really no way to completely protect a script from being stolen, other than to not use it at all,

True, otherwise perhaps sites like dynamicdrive.com wouldn't give away scripts for free.

but I am looking for some way to make it slightly more difficult for a novice.

I've seen some very convoluted attempts, like calling a new script file from within the first script, which is loaded from within an iframe, etc, but then there's an increased risk it causes bugs, or confuses yourself some day in the future when you've forgotten how it all works.

Ajax can also be used to "hide" JS from users (except those that know how to view rendered JS), but making Ajax itself work in all MSIE versions is tricky, and usually it will fail for MSIE users with activeX disabled.

[Josh Thomas]

Is she afraid that web sites of e.g. competing businesses will copy it? Otherwise, if the script is just a general enhancement it shouldn't matter if it's copied (it's the site's actual content that matters for the visitors).

She has a handful of scripts that competitors have stolen in the past and used on their own sites, so she is trying to prevent this with some new scripts she has now.

[pandy]

She should consider printing a brochure instead. Or learn to accept the web as it is.

[Brian Chandler]

Is she afraid that web sites of e.g. competing businesses will copy it? Otherwise, if the script is just a general enhancement it shouldn't matter if it's copied (it's the site's actual content that matters for the visitors).

She has a handful of scripts that competitors have stolen in the past and used on their own sites, so she is trying to prevent this with some new scripts she has now.

It would help - of course - if we could see the scripts you are talking about.

But anyway, it's a fair guess that at least some of this could be better done on the server, which would eliminate the other perceived problem.