Thursday, December 7, 2023

Web Developer Class: How to Hide your Source Code

This question gets asked fairly often on Web Developer forums, so we’ve assembled a definitive answer to the question of how one can hide their HTML source from others.

Source Code Padding

Really, the oldest trick in the book. It involves adding a ton of white space before the start of your code so that the view source menu appears blank. However, must all people will notice the scroll bars and will scroll around to find your code. As pointless and silly as this method is, there are some still who use it.

No Right Click Scripts

These scripts stop users from right-clicking, where the “View Source” function is located.

Cons: Notoriously hard to get working across browsers and to actually work properly.

The right-click menu, or context menu, includes many helpful tools for users, including navigation buttons and the “Bookmark Page” button. Most users don’t take kindly to having their browser functionality disabled and are inclined not to revisit such pages.

The View Source function is also available through the top Menu. At the main menu bar at the top of your browser, select View, and then in the sub-menu, you’ll see “View Source” or something similar. Also, there are keyboard shortcuts like Ctrl+U that can be used to view source. All this method does is add about a two second delay to someone trying to view your source and it does irritate users who aren’t trying to view your source.

“JavaScript Encryption”

This is by far the most popular way to try to hide one’s source code. It involves taking your code, using a custom made function to “encrypt” it somehow, and then putting it in an HTML file along with a function that will decrypt it for the browser. A User is able to view the source, however, it isn’t understandable.

Cons: Your website is only usable for users with JavaScript enabled. This rules out search engines, users who’ve chosen to disable JavaScript, and users using a textual browser (such as the blind) that doesn’t have JavaScript capabilities. Remember, JavaScript is a luxury, not a necessity on the web.

You have to include a means of decrypting the page so the browser can display it. Someone who understands JavaScript can easily decrypt the page.

Many browsers provide alternative ways around this. Some allow you to save the page, decrypted for easy viewing later. Others, like FireFox, include tools like the DOM Inspector, which allows you to easily view and copy the XML of the page, decrypted.

HTML Protection Software

There are some less than honest people who want to sell you software to quickly and conveniently “protect” your source code. This type of software generally employs the above methods, in varying ways, to hide your source code. Many people think that if they are buying it, it must work. It doesn’t. As we’ve seen, the above methods are all easily circumvented, and all this software does is implement these horribly flawed methods for you and take your money. Don’t fall for them, I’ve yet to see a single one that’s worked, and they never will.

Isn’t there Any Hope?

The bottom line is that browsers need to see the unencrypted, plain text source code to create a webpage. For that reason, it’s impossible to hide your HTML source code. If the browser can read it, which it needs to be able to do to render a webpage, then so can a user. That’s the bottom line.

But My Page Was Stolen!

A lot of people look for this after having their website pirated. I know it’s cruel that in a few minutes someone can steal hours of your work, but hiding your source code can’t help you. Contacting the person in question and asking them to take it down solves many cases. Otherwise, contact the web host or the person’s ISP and explaining the situation is a good course of action. I can’t give you legal advice, but if you feel that your copyrights are being infringed, you can contact a lawyer. But hiding (or “encrypting”) your source, won’t do much of anything at all.

The Bottom Line

Unfortunately, the short answer to this question is, you can’t. There have been various methods put forth, but all of these are easily circumvented. In the end, the only sure fire way to make sure no one can steal your source code is to never put it on the Internet at all.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Popular Articles