[thelist] hiding html source code
Siri Atma Oaklander De Licori
saodl at yahoo.com
Tue Nov 4 12:19:01 CST 2003
Hi Tim,
I tend to agree with everyone else here that trying to
hide your source code is somewhat pointless...you can
only really obfuscate it, and proposals are better
done with images and diagrams.
Nonetheless if you really want to do it, the best way
I know of is to use a base page with a hidden (or
dynamicaly created) iframe to load the html you
actually want to show into the browser. HTML
dynamically added like this is not (in my experience)
available when you 'view source'. However keeping
someone from looking at the source and going directly
to the page you're loading is another problem...if you
want to avoid that you may have to put a password
dialog on the loading page and get the actual page
through some sort of server side scripting. That'll
slow down most people pretty good, but remember that
whatever you do the information has to be on their
computer to be displayed so it will always be possible
to circumvent your precautions. You just have to
decide if it's worth the trouble.
Here's a function for dynamicaly creating an IFrame
and loading a page into it. You'll then have to put a
function call to returnResults() in the loaded page's
body onload event to trigger script for moving the
content to the appropriate location. Good luck.
Siri
PS. If anyone knows a better way to load additional
html content into a page, I'd love to hear your input.
// BEGIN CODE BLOCK
// I got the basic script for this from
// David Flanagan's JavaScript the
// Definitive Guide, published by O'Rielly
// and then modified it.
var IFrameObj; // our IFrame object
var gsDestination; // the name of the object where the
// result will be sent. Can be an
// object reference. Set to
// 'Do Not Return' if you want to
// do something else with the data
// rather than just plugging it in.
// Usually you'd call a processing
// function with gsCallAfter.
var gsCallAfter; // an optional string used to run
script
// with setTimout after page load.
// 1st call: creates iframe, sets to IFrameObj.
// loads URL into the iframe.
// sets gsDestination to the display object.
function callToServer(URL,sReturnTo,sCallAfter) {
if (!document.createElement) {return true};
var IFrameDoc;
gsDestination = sReturnTo;
gsCallAfter = sCallAfter;
if (!IFrameObj && document.createElement) {
// create the IFrame and assign a reference to the
// object to our global variable IFrameObj.
// this will only happen the first time
// callToServer() is called
try {
var tempIFrame=document.createElement('iframe');
tempIFrame.setAttribute('id','RSIFrame');
tempIFrame.style.border='0px';
tempIFrame.style.width='0px';
tempIFrame.style.height='0px';
IFrameObj =
document.body.appendChild(tempIFrame);
if (document.frames) {
// this is for IE5 Mac, because it will only
// allow access to the document object
// of the IFrame if we access it through
// the document.frames array
IFrameObj = document.frames['RSIFrame'];
}
} catch(exception) {
// This is for IE5 PC, which does not allow
dynamic creation
// and manipulation of an iframe object.
Instead, we'll fake
// it up by creating our own objects.
iframeHTML='\<iframe id="RSIFrame" style="';
iframeHTML+='border:0px;';
iframeHTML+='width:0px;';
iframeHTML+='height:0px;';
iframeHTML+='"><\/iframe>';
document.body.innerHTML+=iframeHTML;
IFrameObj = new Object();
IFrameObj.document = new Object();
IFrameObj.document.location = new Object();
IFrameObj.document.location.iframe =
document.getElementById('RSIFrame');
IFrameObj.document.location.replace =
function(location) {
this.iframe.src = location;
}
}
}
if (navigator.userAgent.indexOf('Gecko') !=-1 &&
!IFrameObj.contentDocument) {
// we have to give NS6 a fraction of a second
// to recognize the new IFrame
setTimeout('callToServer('+URL+','+sReturnTo+')',10);
return false;
}
if (IFrameObj.contentDocument) {
// For NS6
IFrameDoc = IFrameObj.contentDocument;
} else if (IFrameObj.contentWindow) {
// For IE5.5 and IE6
IFrameDoc = IFrameObj.contentWindow.document;
} else if (IFrameObj.document) {
// For IE5
IFrameDoc = IFrameObj.document;
} else {
return true;
}
IFrameDoc.location.replace(URL);
IFrameDoc.onload = returnResults;
//document.getElementById('secondary').innerHTML=URL;
return false;
}
function returnResults() {
var IFrameDoc;
if (IFrameObj.contentDocument) {
// For NS6
IFrameDoc = IFrameObj.contentDocument;
} else if (IFrameObj.contentWindow) {
// For IE5.5 and IE6
IFrameDoc = IFrameObj.contentWindow.document;
} else if (IFrameObj.document) {
// For IE5
IFrameDoc = IFrameObj.document;
} else {
return true;
}
if(typeof gsDestination == 'object') {
gsDestination.innerHTML =
IFrameDoc.body.innerHTML;
} else if (gsDestination != 'Do Not Return') {
document.getElementById(gsDestination).innerHTML =
IFrameDoc.body.innerHTML;
}
if (gsCallAfter) setTimeout(gsCallAfter,0);
}
// END CODE BLOCK
-------Tim Wrote--------
hello,
i cannot provide an example - but previously, i've
seen web developer
(who i
hired to create a javascript function for me 2 years
ago) hide the
source code
on a site that he had me view the work for approval.
i.e. when i clicked 'view source' it was just a blank
file - no matter
what i
tried - it was hidden
i'm now learning client side and server side scripting
for myself and
starting
my own business. i would love to use this technique in
the approval
stages of
development.
does anyone know how this is done?
i'm happy for you to reply to me privately if this is
a trade secret -
or how
can i find more information on doing such a thing?
thank you very much for your time
tim burgan
__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree
More information about the thelist
mailing list