How to Prevent Your JavaScript Code from Being Stolen, Copied, and Viewed

How to prevent your JavaScript code from being stolen, copied, and viewed?

You could obfuscate your Javascript. There are a lot of tools to do that in the wild, e.g. http://www.javascriptobfuscator.com/. However it does not prevent anyone to see the code, but makes it harder to read.

How can I prevent javascript code theft?

You can only try to make it less readable (through minifiaction and obfuscation), but the code is still tranferred and it can be reverse engineered.

The actual code in your example is downloaded with the jquery.js file.

How do I protect JavaScript files?

Good question with a simple answer: you can't!

JavaScript is a client-side programming language, therefore it works on the client's machine, so you can't actually hide anything from the client.
Obfuscating your code is a good solution, but it's not enough, because, although it is hard, someone could decipher your code and "steal" your script.
There are a few ways of making your code hard to be stolen, but as I said nothing is bullet-proof.

Off the top of my head, one idea is to restrict access to your external js files from outside the page you embed your code in. In that case, if you have

<script type="text/javascript" src="myJs.js"></script>

and someone tries to access the myJs.js file in browser, he shouldn't be granted any access to the script source.
For example, if your page is written in PHP, you can include the script via the include function and let the script decide if it's safe" to return it's source.
In this example, you'll need the external "js" (written in PHP) file myJs.php:

<?php
    $URL = $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
    if ($URL != "my-domain.example/my-page.php")
    die("/\*sry, no acces rights\*/");
?>
// your obfuscated script goes here

that would be included in your main page my-page.php:

<script type="text/javascript">
    <?php include "myJs.php"; ?>;
</script>

This way, only the browser could see the js file contents.

Another interesting idea is that at the end of your script, you delete the contents of your dom script element, so that after the browser evaluates your code, the code disappears:

<script id="erasable" type="text/javascript">
    //your code goes here
    document.getElementById('erasable').innerHTML = "";
</script>

These are all just simple hacks that cannot, and I can't stress this enough: cannot, fully protect your js code, but they can sure piss off someone who is trying to "steal" your code.

Update:

I recently came across a very interesting article written by Patrick Weid on how to hide your js code, and he reveals a different approach: you can encode your source code into an image! Sure, that's not bullet proof either, but it's another fence that you could build around your code.
The idea behind this approach is that most browsers can use the canvas element to do pixel manipulation on images. And since the canvas pixel is represented by 4 values (rgba), each pixel can have a value in the range of 0-255. That means that you can store a character (actual it's ascii code) in every pixel. The rest of the encoding/decoding is trivial.

How can I hide my JavaScript functions so that nobody can steal them?

you can always obfuscate and minify your code so that it's only single letters and such. There is no real way someone can't steal your javascript, but that is the best way you can "hide" it so people can' really read your variable names, etc.

How to secure javascript code from being run on other domain (stolen) ? need more ideas

No matter how complex you make your code, it can always be read, if necessary with abstract interpretation, i.e. automatically capturing the essence of your code. Code without knowledge of internals, variable names (I assume you're already using minimization, for example with the YUI compressor), documentation, support, and generalization is worthless for anyone else.

If a competitor (or potential customers) of yours is stealing your code, consider simply suing them. If it's some random guy on the internet, why do you care?

Prevent HTML code from being stolen

You cannot protect your JS, CSS or HTML code 100%.

But you could confuse your client by encrypting the code, removing whitespaces, etc. He could copy and paste it but will not be able to edit or extend it that easy.

This tool encrypts HTML to JS:
http://www.iwebtool.com/html_encrypter

CSS compressor (removes whitespaces and new lines):
https://csscompressor.net/

JavaScript compressor (removes whitespaces and new lines): http://javascriptcompressor.com/

As @AMR already mentioned: protect your copyright and setup a contract. My advices above are just in case, if there is no trust in your client!

What are some good ways to prevent people from copying my source code?

If people really want to get access to your source code they can do that fairly easily.

It is possible to slow people down to a limited degree by obfuscating code.

See:

• http://code.google.com/p/minify/
• http://refresh-sf.com/yui/
• http://ajaxian.com/archives/utility-javascript-obfuscator

Maintaining obfuscated code is difficult. What you want to do is obfuscate it before deployment so that you can test and debug with the normal version. Debugging problems on a live site can be made a lot more difficult by the obfuscation.

---

Related Topics