Web page | source code
Very early wanted to write an article on the Web page source code screen. is because often make up some JS script, in the same time, also worry about the source code will be seen, steal my script. So all along, I've been trying to maintain the security of my web page source code. Although no completely safe shielding method has been found (that is, these methods have already known their weaknesses and methods when I think of them), but I have a lot of shielding ideas here to sum up.
As we all know, to protect a page, the most basic is to shield the right button. Now the most frequently used Web page is function click (), which is the following code:
〈script〉
function Click () {
if (event.button==2) {
Alert (' This website welcomes you!! ');
}
}
Document.onmousedown=click
〈/script〉
However, this method of shielding is also known to crack. That is, a continuous click of the left mouse button and right button will be able to see the right menu. However, I have seen a good way to shield the right button. The principle is different from what it says above. It is not written with JS script, but the use of the definition of page properties to play a limiting role. Moreover, in the shielding should try to avoid using JS script. Because as long as the viewer has disabled ie JavaScript script. Then all shielding is in vain.
So keep talking about the way you can modify the masking right button of a page's properties. This method uses the 〈body〉 in HTML to make changes, and it has only the following short line of code:
〈body oncontextmenu=self.event.returnvalue=false〉
Here, define the OnContextMenu. Causes the right key to be false, which has the effect of shielding the right key. Now, try the cracked method, and it's gone. The left and right key combo is no longer able to open the right-click menu. Not only this, but try the other way. No matter how messy you are, the right button is useless. Because on this page, the right button already does not exist. What can you do with a nonexistent function key?
However, shielding the right button does not solve the problem. If I want to copy a piece of text, or a picture. Then, select it and use CTRL + C to use CTRL + V to copy and paste it. By the way, the next thing to say is the left-screen button. Shielding left button? So this web page is not nearly wasted? Don't worry, don't finish, the left key is only one function is very annoying of the selected function.
Then, as mentioned above, using JS to shield is not used, the symptoms are not the root causes. So we're going to use the most basic language of the Web: HTML to define it. Or the old tricks, the definition of 〈body〉. The parameters used this time are: onselectstart. is the parameter selected by the left key. The code is as follows:
〈body onselectstart= "return false"
In this way, the left button to select the function is easily blocked. The principle is the same as above. Now, then use your left arrow to select any content, has no use. Naturally also cannot ctrl + C,ctrl +V. So now we're going to combine the two parts. Completely control about key! :
〈body Oncontextmenu=self.event.returnvalue=false onselectstart= "return false"
Now, the question about key is finally solved.
OK, now let's look at another question. As you all know, in the IE browser menu bar in the "View" item. There is a "View source code" option. So, although we have shielded the view source code in the right key. However, as long as you use the view Source code in the menu bar, you can still see the source code. What can we do about it?
My initial idea was to use a framework to circumvent the view of the source code. In other words, as long as a Web page is embedded in the frame, then the menu bar to select the view source code to see only the frame page source code. The general format is as follows:
〈html〉
〈head〉
〈meta http-equiv= "Content-type" content= "text/html; charset=gb2312 "
〈title〉 this website title 〈/title〉
〈/head〉
〈frameset rows= "47,*" framespacing= "0" border= "0" frameborder= "0"
〈frame name= "header" scrolling= "no" noresize target= "main" src= "top.htm"
〈frame name= "main" src= "main.htm" scrolling= "Auto" target= "_self"
〈noframes〉
〈body〉
〈p〉 This page uses frames, but your browser does not support frames. 〈/p〉
〈/body〉
〈/noframes〉
〈/frameset〉
〈/html〉
This looks like the other side is not directly to see your source code. However, if a person wants to see your source code, then he must be able to read. If you understand a little HTML, you can see what these two sentences mean:
〈frame name= "header" scrolling= "no" noresize target= "main" src= "top.htm"
〈frame name= "main" src= "main.htm" scrolling= "Auto" target= "_self"
This means that the header (that is, the top of the page) refers to the Top.htm Web page file under the relative path. In main (that is, where most pages occupy the page), the Main.htm Web page file is referenced in the relative path. These two points is the key, the others do not explain, we all understand. The way to hide the source code using the framework above is to place the page in the main section. The header portion size is set to 0. But then, using the view Source code in the menu bar, you can still see the source code for the frames page. As long as we see these two sentences, we will know the way we used before. That is, as long as the name of the frames page changed to the target page, you can use the same method to see the source of the target page directly. For example: frames page: http://www.sina.com.cn/red.htm source code such as on, you can change to Http://www.sina.com.cn/main.htm. This can directly browse the protected Web page, shielding the effect of the source code is still not achieved.
Then, some people would think that if the other side does not see the source code of the frames page. What do you say to open the protected Web page directly? Yes, that's what I'm going to say next. If you want to view the source code in the menu bar of a page to be ineffective. The easiest way to do that is to get rid of the menu bar. And this can be done through pop-up windows. The reason why you do not use hyperlinks to open the No menu bar window is that it will expose the destination address, the viewer can directly in the browser typed address, and bypass the screen bar. To open a No menu bar window with a hyperlink, you must use a link in a Web page that has been protected by the source code.
So let's see how we can get rid of the menu bar using pop-up windows. In fact, all we have to do is to have the target page open in an ad bar. This code is available in almost every large web site. The code is as follows:
〈script〉
〈!--
window.open ("red.htm", "Red", "resizable=yes,width=500,height=300");
--〉
〈/script〉
Here, the first parameter in the parentheses after the window.open is the position of the page displayed by the pop-up window, where the red.htm page file is the first pair position. Then the run will talk about a window that shows a red.htm without a menu bar. Well, our purpose has been achieved. However, this window has a flaw, that is, there is no scroll bar. Because there is no argument about the scroll bar in the Statement of the window: window.open, or I don't know? Welcome to the Master letter pointed out that, so the Web page opened here to make the page to make the navigation page.
However, by using the above method to cancel the menu bar, there must be a second party Web page to do the pop-up work. The page that pops up the window, then, becomes a problem. For example, let's say we use a index.htm to work with pop-up windows. That is, after opening the index.htm, the Red.htm menu bar window pops up. We also mentioned earlier, if you know the address of a Web page, whether or not the page is hidden under the No menu bar, you can see its source code. Then, not letting this red.htm address be exposed is the key to solving the problem. However, as long as the index.htm is open, you can see the source code. But, think back, if we lock up index.htm? As long as the viewer does not have time to check the index.htm before it closes, you can keep its source code. Then, in this index.htm will have to do some articles.
That is, add the code to close the page.
Then we can use Window.close to close the window. The code is as follows:
〈script〉
〈!--
window.open ();
--〉
〈/script〉
So now we're merging the two pieces of code together. Now, the effect is that a window without a menu bar opens. Because the computer's processing speed is very fast, if we write these two pieces of code together immediately, then we can only see the new window. The code is as follows:
〈script〉
〈!--
window.open ("red.htm", "Red", "resizable=yes,width=500,height=300");
Window.close ();
--〉
〈/script〉
The original window has been closed without our noticing. In this way, don't say to see the source code of the page. Here, the Web page that joins the above source code has played a springboard role. However, here, we should pay attention to a few points. First, the Web page used to make a springboard should not be named Index.htm. Change it to a name, and change the default first name to the changed name. This allows the viewer to automatically access the page after the input network. Without letting each other know the name of the page. If you do not, you will cause the other side to guess where the page is. such as: 172.0.0.0/index.htm. This allows you to see the source code for the page by submitting it in a browser: view-source:http://172.0.0.0/index.htm.
After masking the menu bar and toolbars, we thought, how good would it be if we didn't have the top window bar? Here's what we're going to do, if there's a prerequisite, that is, after you open a window without a menu bar using the Springboard page. What are we going to do? is to let us display the content of the Web site only display content, (yes, the site is not for others to browse it?) What do you want with the browser and windows so versatile? As long as the content, the rest are removed. We can do it through a section of JavaScript. The following code is used to define code that does not have any window features:
〈script〉
function Open1 (URL) {
Newwin=window.open (URL, ' NewWindow ', ' fullscreen=1 ')
Newwin.resizeto (800,600)
Newwin.moveto (screen.width/0-800,screen.height/0-600)
}
〈/script〉
Where the function open1 (URL) defines the style of the hyperlink. So, when we write the address of the link, we should write this: Javascript:open1 (URL). For example, I want to open a windowless feature of the Sina home page should be in the text or the hyperlink in the picture to write this: Javascript:open1 (' http:www.sina.com.cn '). Of course, relative paths are also supported in parentheses. The final format should read:
〈script〉
function Open1 (URL) {
Newwin=window.open (URL, ' NewWindow ', ' fullscreen=1 ')
Newwin.resizeto (800,600)
Newwin.moveto (screen.width/0-800,screen.height/0-600)
}
〈/script〉
〈body Oncontextmenu=self.event.returnvalue=false onselectstart= "return false"
〈TD width= "100%" 〉〈a href= "javascript:open1 (' main.htm '), Window.close ()" 〉〈img border= "0" src= "pic/blank1.gif" style= " Position:absolute; left:556; top:142 "width=" 169 "height=" 57 "〉〈/a〉〈/td〉
〈/body〉
In this way, we have reached the page without window edge. And, in this page, the scroll bar is automatically added so that you don't see the following in the same way as before.
The last thing we want to do is encrypt every page, or the key page you think is important, OK. How to encrypt the source code of the Web page do I have to say more? There are all over the Internet, you can use tools, you can also write an HTM file to convert. Encryption software, I recommend "Batch HTML encryptor", go to Google to find it. There are also code to convert encrypted Web pages as follows:
〈html〉〈head〉〈title〉 Web page encryption and decryption 〈/title〉
〈meta http-equiv=content-type content= "text/html; charset=gb2312 "
〈meta content= "MSHTML 6.00.2600.0" Name=generator〉〈!--Dadi software Studio--〉〈link
href= "Style.css" rel=stylesheet〉
〈meta content= "Microsoft FrontPage 4.0" name=generator〉
〈/head〉
〈body bgcolor= #ffffff leftmargin=0 topmargin=0 onload=initstyleelements ()
〈div
Style= "LEFT:139PX; width:106px; Position:absolute; top:52px; Height:36px "
〈table cellspacing=0 cellpadding=0 width=760 align=center border=0〉〈!--dwlayouttable--〉
〈tbody〉
〈tr〉
〈TD valign=top align=middle width=760 height=310〉
〈div align=center〉
〈h2〉
〈script language=javascript〉
〈!--
var i=0;
var ie= (document.all)? 1:0;
var ns= (document.layers)? 1:0;
function initstyleelements ()/* Styles for Buttons Init * *
{
var c = Document.pad;
if (IE)
{
C.text.style.backgroundcolor= "#DDDDDD";
C.compileit.style.backgroundcolor= "#C0C0A8";
C.compileit.style.cursor= "Hand";
C.select.style.backgroundcolor= "#C0C0A8";
C.select.style.cursor= "Hand";
C.view.style.backgroundcolor= "#C0C0A8";
C.view.style.cursor= "Hand";
C.retur.style.backgroundcolor= "#C0C0A8";
C.retur.style.cursor= "Hand";
C.clear.style.backgroundcolor= "#C0C0A8";
C.clear.style.cursor= "Hand";
}
else return;
}
/* Buttons Enlightment of "compilation" Panel * *
function Lighton (what)
{
if (ie) What.style.backgroundColor = ' #E0E0D0 ';
else return;
}
function Focuson (what)
{
if (ie) What.style.backgroundColor = ' #EBEBEB ';
else return;
}
function Lightout (what)
{
if (ie) What.style.backgroundColor = ' #C0C0A8 ';
else return;
}
function Focusoff (what)
{
if (ie) What.style.backgroundColor = ' #DDDDDD ';
else return;
}
/* Buttons Enlightment of "compilation" Panel * *
function generate ()/* Generation of "compilation" * *
{
Code = Document.pad.text.value;
if (code)
{
Document.pad.text.value= ' Compiling ... Please wait! ';
SetTimeout ("Compile ()", 1000);
}
else alert (' something to compile and then press CompileIt ')
}
function compile ()/* the "compilation" * *
{
Document.pad.text.value= ';
Compilation=escape (code);
Document.pad.text.value= "〈script〉\n〈!--\ndocument.write (unescape (\" "+compilation+" \ ")); \n//--〉\n〈\/script〉";
i++;
if (i=1) alert ("Page compiled 1 time!");
else alert ("Page compiled" +i+ "times!");
}
function Selectcode ()/* Selecting "compilation" for copying * *
{
if (document.pad.text.value.length〉0)
{
Document.pad.text.focus ();
Document.pad.text.select ();
}
else alert (' Nothing for is selected! ')
}
function Preview ()/* Preview for the "compilation" * *
{
if (document.pad.text.value.length〉0)
{
Pr=window.open ("", "Preview", "scrollbars=1,menubar=1,status=1,width=700,height=320,left=50,top=110");
Pr.document.write (Document.pad.text.value);
}
else alert (' Nothing for is previewed! ')
}
function Uncompile ()/* decompiling a "compilation" * *
{
if (document.pad.text.value.length〉0)
{
Source=unescape (Document.pad.text.value);
Document.pad.text.value= "" +source+ "";
}
else alert (' Your need compiled code to uncompile it! ')
}
--〉
〈/script〉
〈br〉〈b〉〈font color= #333333 Web page HTML source code encryption and decryption device 〈/font〉〈/b〉〈/h2〉〈/div〉
〈table cellspacing=0 bordercolordark= #000000 cellpadding=10 width=750
Align=center bordercolorlight= #ffffff border=2〉
〈tbody〉
〈tr〉
〈td〉
〈div align=center〉〈br〉 put your source code in the editing area 〈br〉〈br〉
〈table cellspacing=0 cellpadding=0 width= "100%" border=0〉
〈tbody〉
〈tr〉
〈TD width= "100%" 〉〈!--compilation panel--〉
〈form name=pad method=post align= "center"
〈div align=center〉〈textarea style= "width:95%; Background-color: #ebebeb "Name=text rows=11 cols=58〉〈/textarea〉
〈br〉〈br〉〈br〉〈input Onmouseover=lighton (This) onclick=generate () onmouseout=lightout (this) Type=button value= encryption Name= compileit〉
〈input Onmouseover=lighton (This) Onclick=selectcode () onmouseout=lightout (this) Type=button value= Select All name=select〉
〈input Onmouseover=lighton (This) Onclick=preview () onmouseout=lightout (this) Type=button value= preview name=view〉
〈input Onmouseover=lighton (This) onclick=uncompile () onmouseout=lightout (this) Type=button value= decryption name=retur〉
〈input Onmouseover=lighton (This) onmouseout=lightout (this) Type=reset value= clear name=clear〉
〈/div〉〈/form〉〈!--compilation Panel--〉〈/td〉〈/tr〉〈/tbody〉〈/table〉〈/div〉〈/td〉〈/tr〉〈/tbody〉〈/table〉
〈div align=center〉〈br〉〈/div〉
〈div align=center〉〈/div〉〈/td〉〈/tr〉〈/tbody〉〈/table〉
〈/div〉
〈div〉〈/div〉〈/body〉〈/html〉
To sum up ... According to my thinking, shielding Web page source code is mainly divided into the following several steps:
1. Make a web springboard, eject the banner page you want to protect, and close itself to avoid revealing the address of the Web page you need to protect.
2. Because the above conditions block the banner of the Web page source code, so you can use this page as a welcome page.
3. In the Welcome page, use JavaScript as a hyperlink to open a new window without Windows to display the content of the Web site.
4. Encrypt the source code for each page or key critical page, and add a lock to the source code. Some people say it's no use encrypting the source code, but I think it's OK to use alternative points of encryption, such as the software encryption method is very common. But with my own write HTM file encryption source code, the general software can not be decrypted. You can try if you are interested. )
5. Finally have to mention is the Windows Web page temporary folder, which will be the source code records. But don't be afraid, add a code, you can make Windows not download the source code of the Web page, directly browsing. You can go and look for it.
Some things to note:
1. In the text of the statement that automatically closes the page: Window.close () has a disadvantage. You will be asked whether to close the window before closing the window, or you can not reach it if you choose not.
2. All of the above is only effective for IE browser, if you use another browser to browse, it is possible to screen the phenomenon of unsuccessful.
3. On the Web page source code shielding, has been elusive. I just write down the idea, concrete realization, or rely on the study of their own.