About Web page source code shield (1)

Source: Internet
Author: User
Tags define definition copy header key relative return
Web page | The source code has long wanted to write an article about Web page source code shielding. is because often make up some JS script, in the same time, also worry about the source code will be seen, steal my script. So all along, I've been trying to maintain the security of my web page source code. Although no completely safe shielding method has been found (that is, these methods have already known their weaknesses and methods when I think of them), but I have a lot of shielding ideas here to sum up.

As we all know, to protect a page, the most basic is to shield the right button. Now the most frequently used Web page is function click (), which is the following code:

〈script〉
function Click () {
if (event.button==2) {
Alert (' This website welcomes you!! ');
}
}
Document.onmousedown=click
〈/script〉

However, this method of shielding is also known to crack. That is, a continuous click of the left mouse button and right button will be able to see the right menu. However, I have seen a good way to shield the right button. The principle is different from what it says above. It is not written with JS script, but the use of the definition of page properties to play a limiting role. Moreover, in the shielding should try to avoid using JS script. Because as long as the viewer has disabled ie JavaScript script. Then all shielding is in vain.

So keep talking about the way you can modify the masking right button of a page's properties. This method uses the 〈body〉 in HTML to make changes, and it has only the following short line of code:

〈body oncontextmenu=self.event.returnvalue=false〉

Here, define the OnContextMenu. Causes the right key to be false, which has the effect of shielding the right key. Now, try the cracked method, and it's gone. The left and right key combo is no longer able to open the right-click menu. Not only this, but try the other way. No matter how messy you are, the right button is useless. Because on this page, the right button already does not exist. What can you do with a nonexistent function key?

However, shielding the right button does not solve the problem. If I want to copy a piece of text, or a picture. Then, select it and use CTRL + C to use CTRL + V to copy and paste it. By the way, the next thing to say is the left-screen button. Shielding left button? So this web page is not nearly wasted? Don't worry, don't finish, the left key is only one function is very annoying of the selected function.

Then, as mentioned above, using JS to shield is not used, the symptoms are not the root causes. So we're going to use the most basic language of the Web: HTML to define it. Or the old tricks, the definition of 〈body〉. The parameters used this time are: onselectstart. is the parameter selected by the left key. The code is as follows:

〈body onselectstart= "return false"

In this way, the left button to select the function is easily blocked. The principle is the same as above. Now, then use your left arrow to select any content, has no use. Naturally also cannot ctrl + C,ctrl +V. So now we're going to combine the two parts. Completely control about key! :

〈body Oncontextmenu=self.event.returnvalue=false onselectstart= "return false"

Now, the question about key is finally solved.

OK, now let's look at another question. As you all know, in the IE browser menu bar in the "View" item. There is a "View source code" option. So, although we have shielded the view source code in the right key. However, as long as you use the view Source code in the menu bar, you can still see the source code. What can we do about it?

My initial idea was to use a framework to circumvent the view of the source code. In other words, as long as a Web page is embedded in the frame, then the menu bar to select the view source code to see only the frame page source code. The general format is as follows:

〈html〉

〈head〉
〈meta http-equiv= "Content-type" content= "text/html; charset=gb2312 "
〈title〉 this website title 〈/title〉
〈/head〉

〈frameset rows= "47,*" framespacing= "0" border= "0" frameborder= "0"
〈frame name= "header" scrolling= "no" noresize target= "main" src= "top.htm"
〈frame name= "main" src= "main.htm" scrolling= "Auto" target= "_self"
〈noframes〉
〈body〉

〈p〉 This page uses frames, but your browser does not support frames. 〈/p〉

〈/body〉
〈/noframes〉
〈/frameset〉

〈/html〉

This looks like the other side is not directly to see your source code. However, if a person wants to see your source code, then he must be able to read. If you understand a little HTML, you can see what these two sentences mean:

〈frame name= "header" scrolling= "no" noresize target= "main" src= "top.htm"
〈frame name= "main" src= "main.htm" scrolling= "Auto" target= "_self"

This means that the header (that is, the top of the page) refers to the Top.htm Web page file under the relative path. In main (that is, where most pages occupy the page), the Main.htm Web page file is referenced in the relative path. These two points is the key, the others do not explain, we all understand. The way to hide the source code using the framework above is to place the page in the main section. The header portion size is set to 0. But then, using the view Source code in the menu bar, you can still see the source code for the frames page. As long as we see these two sentences, we will know the way we used before. That is, as long as the name of the frames page changed to the target page, you can use the same method to see the source of the target page directly. For example: frames page: http://www.sina.com.cn/red.htm source code such as on, you can change to Http://www.sina.com.cn/main.htm. This can directly browse the protected Web page, shielding the effect of the source code is still not achieved.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.