Wednesday, June 28, 2017
  Our sponsors
  Hide Thy JavaScript
Location: BlogsWizard Wisdom    
Posted by: David Gray 1/23/2007
This article describes a technique that I developed, which allows me to keep all the JavaScript code used by a page in "code behind" files similar to those employed by Visual Web Developer 2005 to separate the code from the presentation and data in ASP.NET applications.

Recent work on ASP.NET applications prompted me to think more seriously about devising a way to hide JavaScript code from snoops, such as other programmers, and search engine spiders. Since I had to modify some JavaScript code on a production Web site today, I took the opportunity to test a theory that is inspired by the "code behind" documents generated by Visual Web Developer 2005. The page in question is a property tax proration calculator, that was contained entirely within a page, prorator.html, including the JavaScript code that validates the input fields and does the math.

Why Was I Concerned?

The code in question contains three statements, located at the top, outside the scope of any JavaScript function. These three statements create and initialize a trio of lookup tables used by the functions to validate input and to prorate the property tax between a buyer and a seller. When the script is inline, these three statements execute, and the tables, having global scope, are available for use by the JavaScript functions that follow.

How Did I Do It?

Quite simply, like so:

  1. I moved all the code to a new file, prorator.js.
  2. In its place, I added the following to the HEAD section of the HTML page .

<script language="javascript" src="prorator.js"></script>

That's all there is to it!

What Happens Now?

When the page loads, the script code is returned to the visitor's Web browser. Since the SRC attribute of the SCRIPT tag acts like any other hypertext reference, the code behaves as it did when it was part of the page, and since it is within the scope of a SCRIPT tag, the code that lies outside the functions executes when the file loads, just as it did, so the lookup tables that the functions need are ready to go.

What Are the Benefits?

This simple change has two huge benefits.

  1. The code is already more secure, because a casual browser can neither steal the code for his own use, nor maliciously alter it, then claim that our code was defective.
  2. By placing the code outside the page, the text that we want searched and indexed by Google and other search engines moves to the top of the page, thus increasing its relevance index.

What's Next?

Obviously, I intend to apply this technique to several other pages that I maintain that contain code in them. First up is the home page of a marketing Web site that went live in November 2006. That page contains two huge tables that are used to pre-load a set of images, used in a slide show that is one of its key visual features.

Beyond that, the next step is to move the JavaScript files into a separate directly, where I can apply more sophisticated access controls, using techniques that recently came to my attention in another context, so that they can't be stolen by programmers who are too lazy to do the work, themselves, and who can't be bothered with asking permission.



Copyright ©2007 David Gray
Permalink |  Trackback

Your name:
Add Comment   Cancel 
  David's Blog Archive   
  Search David's Blog   
Periwinkle Communications
Viruswarn banner
Click to visit WW.
  About David Gray   

David Gray is Founder and Chief Wizard of WizardWrx. Beginning in 1985, David has created imaginative solutions to problems for businesses around the world. With numerous programming languages and technologies at his disposal, his applications stretch the limits of what many people think is possible.

David brings to his projects a wealth of experience in accounting, business and process management, system architecture, and programming.

David has led or founded a number of user groups over the last 21 years, including the Metroplex Access Developers, which he founded in 1995. He has spoken before user groups, both in the Dallas-Fort Worth area, and in other cities around the US, about numerous topics, ranging from the fundamentals of good report design to very esoteric topics, such as the design and programming of custom text parsers.

As a member of the Greater Irving-Las Colinas Chamber of Commerce, David was one of the founding members of its Ambassadors program, which helps welcome new businesses to the Irving, Texas area, and participates in other Chamber events, to help make visitors feel welcome and included.

Until serious illness forced him to curtail his activities in the last few years, David was also active in other community service organizations, including the Irving Sunrise Rotary Club, Irving Cares, Inc., the Irving Hospital Foundation, and the Irving Police Foundation. Now that his health has improved, David looks forward to finding new ways to resume some involvement in his community.

When he isn’t working, David and his wife, Janet, enjoy a variety of activities, including cooking, good music, both recorded and live, and chasing sunsets and rainbows. David enjoys reading good science fiction, by which he means stories that are more than just cowboys and Indians set in space or in the distant future.

  Browse Blogs   
There are no categories in this blog.
Copyright 2006 by OS-Cubed, Inc.   Terms Of Use  Privacy Statement