[thelist] hiding html source code

Siri Atma Oaklander De Licori saodl at yahoo.com
Tue Nov 4 12:19:01 CST 2003


Hi Tim,

I tend to agree with everyone else here that trying to
hide your source code is somewhat pointless...you can
only really obfuscate it, and proposals are better
done with images and diagrams.

Nonetheless if you really want to do it, the best way
I know of is to use a base page with a hidden (or
dynamicaly created) iframe to load the html you
actually want to show into the browser.  HTML
dynamically added like this is not (in my experience)
available when you 'view source'.  However keeping
someone from looking at the source and going directly
to the page you're loading is another problem...if you
want to avoid that you may have to put a password
dialog on the loading page and get the actual page
through some sort of server side scripting.  That'll
slow down most people pretty good, but remember that
whatever you do the information has to be on their
computer to be displayed so it will always be possible
to circumvent your precautions.  You just have to
decide if it's worth the trouble.

Here's a function for dynamicaly creating an IFrame
and loading a page into it.  You'll then have to put a
function call to returnResults() in the loaded page's
body onload event to trigger script for moving the
content to the appropriate location.  Good luck.

Siri

PS. If anyone knows a better way to load additional
html content into a page, I'd love to hear your input.

// BEGIN CODE BLOCK

// I got the basic script for this from
// David Flanagan's JavaScript the
// Definitive Guide, published by O'Rielly
// and then modified it.

var IFrameObj; // our IFrame object
var gsDestination; // the name of the object where the
                   // result will be sent.  Can be an
                   // object reference.  Set to 
                   // 'Do Not Return' if you want to
                   // do something else with the data
                   // rather than just plugging it in.
                   // Usually you'd call a processing
                   // function with gsCallAfter.
var gsCallAfter;  // an optional string used to run
script
                  // with setTimout after page load.
// 1st call: creates iframe, sets to IFrameObj.
// loads URL into the iframe.
// sets gsDestination to the display object.
function callToServer(URL,sReturnTo,sCallAfter) {
  if (!document.createElement) {return true};
  var IFrameDoc;
  gsDestination = sReturnTo;
  gsCallAfter = sCallAfter;
  if (!IFrameObj && document.createElement) {
    // create the IFrame and assign a reference to the
    // object to our global variable IFrameObj.
    // this will only happen the first time 
    // callToServer() is called
   try {
      var tempIFrame=document.createElement('iframe');
      tempIFrame.setAttribute('id','RSIFrame');
      tempIFrame.style.border='0px';
      tempIFrame.style.width='0px';
      tempIFrame.style.height='0px';
      IFrameObj =
document.body.appendChild(tempIFrame);
      
      if (document.frames) {
        // this is for IE5 Mac, because it will only
        // allow access to the document object
        // of the IFrame if we access it through
        // the document.frames array
        IFrameObj = document.frames['RSIFrame'];
      }
    } catch(exception) {
      // This is for IE5 PC, which does not allow
dynamic creation
      // and manipulation of an iframe object.
Instead, we'll fake
      // it up by creating our own objects.
      iframeHTML='\<iframe id="RSIFrame" style="';
      iframeHTML+='border:0px;';
      iframeHTML+='width:0px;';
      iframeHTML+='height:0px;';
      iframeHTML+='"><\/iframe>';
      document.body.innerHTML+=iframeHTML;
      IFrameObj = new Object();
      IFrameObj.document = new Object();
      IFrameObj.document.location = new Object();
      IFrameObj.document.location.iframe =
document.getElementById('RSIFrame');
      IFrameObj.document.location.replace =
function(location) {
        this.iframe.src = location;
      }
    }
  }
  
  if (navigator.userAgent.indexOf('Gecko') !=-1 &&
!IFrameObj.contentDocument) {
    // we have to give NS6 a fraction of a second
    // to recognize the new IFrame
   
setTimeout('callToServer('+URL+','+sReturnTo+')',10);
    return false;
  }
  
  if (IFrameObj.contentDocument) {
    // For NS6
    IFrameDoc = IFrameObj.contentDocument; 
  } else if (IFrameObj.contentWindow) {
    // For IE5.5 and IE6
    IFrameDoc = IFrameObj.contentWindow.document;
  } else if (IFrameObj.document) {
    // For IE5
    IFrameDoc = IFrameObj.document;
  } else {
    return true;
  }

  IFrameDoc.location.replace(URL);
  IFrameDoc.onload = returnResults;
//document.getElementById('secondary').innerHTML=URL;
  return false;
}

function returnResults() {
  var IFrameDoc;
  if (IFrameObj.contentDocument) {
    // For NS6
    IFrameDoc = IFrameObj.contentDocument; 
  } else if (IFrameObj.contentWindow) {
    // For IE5.5 and IE6
    IFrameDoc = IFrameObj.contentWindow.document;
  } else if (IFrameObj.document) {
    // For IE5
    IFrameDoc = IFrameObj.document;
  } else {
    return true;
  }
  if(typeof gsDestination == 'object') {
    gsDestination.innerHTML =
IFrameDoc.body.innerHTML;
  } else if (gsDestination != 'Do Not Return') {
    document.getElementById(gsDestination).innerHTML =
IFrameDoc.body.innerHTML;
  }
  if (gsCallAfter) setTimeout(gsCallAfter,0);
}

// END CODE BLOCK

-------Tim Wrote--------
hello,

i cannot provide an example - but previously, i've
seen web developer 
(who i
hired to create a javascript function for me 2 years
ago) hide the 
source code
on a site that he had me view the work for approval.

i.e. when i clicked 'view source' it was just a blank
file - no matter 
what i
tried - it was hidden

i'm now learning client side and server side scripting
for myself and 
starting
my own business. i would love to use this technique in
the approval 
stages of
development.

does anyone know how this is done?

i'm happy for you to reply to me privately if this is
a trade secret - 
or how
can i find more information on doing such a thing?

thank you very much for your time

tim burgan


__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree


More information about the thelist mailing list