  The new improved Viruswarn.com

Welcome to the new, improved viruswarn.com.  While we're just starting to get the site back up and running, we have some exciting new capabilities.  For the first time the forums for Viruswarn will be integrated directly into the website, rather than hosted at www.leedrake.com.  You will be able to interact with the authors and participate in online discussions.

In addition, we plan to syndicate our blogs, and all our forum content so that you can easily reproduce it on your own site, or add it to your site's main web page.  This syndication capability will make us your source for virus and security warning info.

Once you've registered and logged in you'll have access to exclusive members-only content.

  Sign up for Viruswarning   

If you don't already receive the viruswarning emails you may login and register for the site and send us a request.  Once you login you'll see the request form here on the home page.  You must register for the site (which gives you full access to the forums) AND also register for the viruswarn mailing list.  If you sign up for the site without signing up for the mailing list - you will not receive the viruswarning notices in your email.

You may always unsubscribe, or change your email from this page as well.

  Hide Thy JavaScript
Location: Blogs > Wizard Wisdom
Posted by: David Gray 1/23/2007

Recent work on ASP.NET applications prompted me to think more seriously about devising a way to hide JavaScript code from snoops, such as other programmers, and search engine spiders. Since I had to modify some JavaScript code on a production Web site today, I took the opportunity to test a theory that is inspired by the "code behind" documents generated by Visual Web Developer 2005. The page in question is a property tax proration calculator that was contained entirely within a page, prorator.html, including the JavaScript code that validates the input fields and does the math.

Why Was I Concerned?

The code in question contains three statements, located at the top, outside the scope of any JavaScript function. These three statements create and initialize a trio of lookup tables used by the functions to validate input and to prorate the property tax between a buyer and a seller. When the script is inline, these three statements execute, and the tables, having global scope, are available for use by the JavaScript functions that follow.

How Did I Do It?

Quite simply, like so:

  1. I moved all the code to a new file, prorator.js.
  2. In its place, I added the following to the HEAD section of the HTML page:

<script language="javascript" src="prorator.js"></script>

That's all there is to it!

What Happens Now?

When the page loads, the script code is returned to the visitor's Web browser. Since the SRC attribute of the SCRIPT tag acts like any other hypertext reference, the code behaves as it did when it was part of the page. Because it is within the scope of a SCRIPT tag, the code that lies outside the functions executes when the file loads, just as it did before, so the lookup tables that the functions need are ready to go.
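
The loading sequence described above, simulated in Node.js as an added example that is not code from the original post: it resolves the SCRIPT tag's SRC against the page URL, takes the file's text exactly as the visitor's browser receives it, and runs it in one global scope so the top-level lookup table exists before any function is called. The contents of prorator.js, the names daysInMonth and sellerShare, and the example.test URLs are constructed stand-ins.

```javascript
const vm = require("node:vm");

// Constructed stand-in for the site: the page plus a made-up prorator.js.
const site = {
  "https://example.test/prorator.html":
    '<html><head><script language="javascript" src="prorator.js"></script></head>' +
    "<body>Property tax prorator</body></html>",
  "https://example.test/prorator.js":
    "var daysInMonth = [31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31];\n" +
    "function sellerShare(annualTax, closingMonth) {\n" +
    "  var days = 0;\n" +
    "  for (var i = 0; i < closingMonth - 1; i++) days += daysInMonth[i];\n" +
    "  return Math.round(annualTax * days / 365 * 100) / 100;\n" +
    "}\n",
};

// Load a page the way a browser does: resolve each SCRIPT src against the
// page URL, take the script text as delivered, and run it in the page's
// single global scope. Inline scripts are handled the same way.
function loadPage(pageUrl) {
  const globals = vm.createContext({});
  const downloaded = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(site[pageUrl])) !== null) {
    const src = /\bsrc\s*=\s*"([^"]*)"/i.exec(m[1]);
    const url = src ? new URL(src[1], pageUrl).href : pageUrl;
    const code = src ? site[url] : m[2];
    downloaded.push({ url, code }); // what the client now holds, as plain text
    vm.runInContext(code, globals, { filename: url });
  }
  return { globals, downloaded };
}

const { globals, downloaded } = loadPage("https://example.test/prorator.html");
// The function works because the table was built when the file loaded.
console.log("seller share:", globals.sellerShare(3650, 7));
console.log(downloaded[0].url, "->", downloaded[0].code.length, "characters of source");
```

The `downloaded` list holds the same text whether the script sits inline or in prorator.js; only the URL it came from changes.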

What Are the Benefits?

This simple change has two huge benefits.

  1. The code is already more secure, because a casual browser can neither steal the code for his own use, nor maliciously alter it, then claim that our code was defective.
  2. By placing the code outside the page, the text that we want searched and indexed by Google and other search engines moves to the top of the page, thus increasing its relevance index.

What's Next?

Obviously, I intend to apply this technique to several other pages that I maintain that contain code in them. First up is the home page of a marketing Web site that went live in November 2006. That page contains two huge tables that are used to pre-load a set of images, used in a slide show that is one of its key visual features.

Beyond that, the next step is to move the JavaScript files into a separate directory, where I can apply more sophisticated access controls, using techniques that recently came to my attention in another context, so that they can't be stolen by programmers who are too lazy to do the work themselves, and who can't be bothered with asking permission.

Copyright ©2007 David Gray
Copyright 2006 by OS-Cubed, Inc.