In practice, it is impossible to hide the Javascript code from the source code, because the Javascript code is downloaded to the client browser in ...
For further actions, you may consider blocking this person and/or reporting abuse
These are great tips.
I think obfuscation and minification are only going to make it harder for developers to read your code. And a really good developer that is hellbent on reverse engineering your code, will definitely do so.
In my opinion, the safest thing to do, is to hide any sensitive code on the server.
💯
You do minification to reduce bundle size. Yes, it will obfuscate the names of variables and functions, but that won't stop an experienced developer from analyzing your code.
The only way to stop people from doing that is not putting your code online.
The front end JS will always be visible. When the browser requests for the JS file, you will see the URL. If it is in the HTML then also it will always be visible.
Totally agree with you, but if the requested JS file is obfuscated or minified, it would be difficult to read and understand the code, results in partially hiding any vulnerability if present in the js source.
Even sometimes the experienced developer will find difficult to understand the obfuscated or minified code. So if you are handling any sensitive code, these methods make it difficult to understand and preventing exposing any vulnerability.
Yeah, I agree on the obfuscation point. It'll surely hide to some extent.
I am such an experienced developer (25+ years of front-end development) and have analyzed a lot of obfuscated code, even detected malicious code literally invisible to the human eye (because it was hidden inside a string of different spacer characters).
Yes, it is not as simple as reading sources, which are meant to be read, but the underlying logic is still there, because that is meant to be interpreted by the engine and if it can do that, so can you – with a bit of training, you can read it almost as fast as badly written code.
If anyone wants to obfuscate any frontend business logic, better use WASM.
💯
Please don't do this. Don't put secrets in your code, or any 'secret code' on a frontend. It's as simple as that. Making the code a little harder to read is not an adequate protection for building it wrong. Build it right....
The questions is - why would you want to hide your code in 'view source'?
I have already answered that in the article:)
Well, sensitive code should never be on the front end (unless you're mad)... so, the question remains - why would you want to hide it?
While it is true that sensitive code should not be on the front end, there may be situations where some code needs to be executed on the client side. In such cases, it is important to take steps to protect the code from unauthorized access and tampering.
Additionally, even if the code is not sensitive, some developers may still want to make their code harder to read and understand in order to protect their intellectual property. By using techniques suggested in the article, they can make it more difficult for others to steal or copy their code.
However, as mentioned earlier in the article, these methods are not foolproof and should not be relied upon as the only line of defense. Developers should implement multiple layers of security to protect their code and ensure the safety of their web applications.
Also, you've neglected to mention JS compressors that will effectively turn your code into 'executable, compressed JS'.
creativejs.com/2012/06/jsexe-javas...
Even with obfuscated code, reverse engineering remains feasible. However, it is possible to conceal JavaScript files from public view in the browser. Currently, only one company offers technology capable of rendering such files completely invisible across any browser.
That's a good article for developers, especially those security conscious people like me. Good work 👍
Use our technology to protect your JavaScript code from being viewed or analyzed by tools like the "Inspect" tool, "Sources" tab, or "View Source" option. Our solution ensures that your JavaScript remains invisible. Simply paste your JS code into our interface, receive a unique URL, and your JavaScript will be fully protected. Ask for a FREE 10 days Trial for one JS file