Html/text/javasript escaping/encoding script

ArticleDirectory

• Escape/Unescape
• Encoding/Decoding

These scripts are intended to explain how to "hide" HTML and/or Javascript from other people who view your page's source code. it is not foolproof, but it does make it more difficult to read and understand the source code. due to the nature of how these scripts work, the explanation may seem complicated and drawn out, but be patient and it shocould make sense once you gain a little experience with them. you don't really Have To know the ins-and-outs of these scripts, but it does help you understand how and why they work. so, take a seat and I'll do my best to make this seem as un-complicated as possible.

By the way, my stolen "popup" scriptPopovergenerator.comUses a similar method of doing this to hide their thievery. Check out this page for proof...

Escape/Unescape

The first section of this page explains how to "escape" any text, HTML, or JavaScript to make it generally unreadable to the common user. URL escape codes are two-character hexadecimal (8-bit) values preceeded by a % sign. this is used primarily in browser URLs or for use when making cookies for characters that otherwise wocould not work, usually because they are reserved characters (like spaces and the like ).

For example, if you had an HTML filenamePage one, The escaped URL code wowould look likePage % 20one.% 20Is the escaped value for a space. Normally, you wocould only escape special characters (generally any character other than a-Z, A-Z, and 0-9), but the script below actually escapesAllThe text simply by replacing all characters with their escaped equivalents. So, if you wereFullyEscape the wordsPage one, It wocould look like:% 70% 61% 67% 65% 6f % 6e % 65. Now, none of the text is easily decipherable even though most of it was made up of normal characters.

Since the browser can inherently handle escape codes, this can be used pretty easily without having to add any more script to decipher them. so, if you want the browser to write that escaped text to the page, you coshould do something like:

<Script language = "JavaScript"> document. Write (Unescape ('% 70% 61% 67% 65% 20% 6f % 6e % 65 '));

</SCRIPT>

All I'm doing here is putting the escaped string in a set of quotes (important !), Wrapping that inside the built-inUnescape ()Method, and then wrapping that inDocument. Write ()Method. this might seem a little worthless, but you cocould hide an email address this way to prevent web crawlers from snagging your e-mail address from your webpage to use in mass spam e-mailings, yet allowing visitors to read it fine... unless, of course, you actuallyLikeGetting Viagra solicitations.
For instance, my fully escaped e-mail address wocould look like this to a web crawler:

<Script language = "JavaScript"> document. write (Unescape ('% 73% 63% 72% 69% 70% 74% 61% 73% 79% 6C % 75% 6D % 40% 68% 6f % 74% 6D % 61% 6C % 2e % 69% 6f % 6D '));

</SCRIPT>

... But wocould look like this to a visitor:

Scriptasylum@hotmail.com

The two textboxes below will let you fully escape and Unescape any text you want. Just type whatever text/html/JavaScript you want in the Left box and click-->Button to fully escape it. Likewise, click<--Button to convert it back to normal text to verify that it is the same as the original. You can copy & Paste the escaped code into your page (don't forget to useUnescape ()AndDocument. Write ()Methods ).

Encoding/Decoding

Now, you probably have figured out that youCocouldHide an entire HTML page using the above method; but there are two disadvantages to doing that: size and amount of "cracking" your code.

When you fully escape an entire page, every single character becomes 3 characters. this will triple the size of your page. not a big deal if the page is only about 1-5 Kbytes in size; but when you have a fairly large page (> 10 Kbytes), The filesize increases rapidly. this wocould slow the load time for the dial-up connection surfers out there.

Also, if someone were to look at your source code, it wocould be pretty easy to figure out what you are doing. then they can simply copy & Paste the code and make a small script to display the normal content. there is no absolute foolproof way (client-side) to foil someone from viewing your source if they are determined enough; the best you can hope for is to make it as inconvenient as possible.

So, to address both concerns you coshould encode/decode the text. again, it won't be foolproof to keep people from stealing your source content if they really want it. I am really using the terms "encode" and "decode" loosely here; what the following script does is not considered actual encoding, but it's easier to say it that way. the encoded output will be a bit longer than the original text, but a lot less than if you had simply escaped it all.

The above section just escapes the text. The section below actuallyShiftsThe Unicode values so the result looks like gibberish. Give it a try and you'll see; don't forget to try differentCode KeyValues from the drop-down box.

The following steps are what the script does to accomplish this effect when you click --> (Encode) button:

1. First, all the text is escaped.
2. Then the script finds the Unicode values for each character in the string.
3. Then the script adds whateverCode KeyDrop-down box value is to each character's Unicode value.
4. Then the script derives Characters Based on the shifted Unicode values.
5. TheCode KeyValue is also embedded in the decoded text so the script knows how to properly decode the string again.
6. Finally, it escapes the result one more time to remove any special characters. Now, the output looks totally foreign to someone who cannotUn-shiftUnicode values in their head.

The decode step<--Simply reverses the process.

Unfortunately, the browser does not have any built-in ability to handle the decoding, so we have to use a function for that. So, you haveEscapeThe function that handles the decoding to hide that part, and have the browser write it to the document. You don't reallyHaveTo escape the decoding function, but it will make it that much harder for someone to figure out what's going on. then, the decoding function can be used to decode the rest of whatever content you have encoded. i'll outline the steps below one-by-one to make this less confusing.

1. Escape the decoding function. Before this function is escaped, it looks like this:
   <Script language = "JavaScript">
   Function DF (s ){
   VaR S1 = Unescape (S. substr (0, S. Length-1); var T = '';
   For (I = 0; I <s1.length; I ++) T + = string. fromcharcode (s1.charcodeat (I)-S. substr (S. Length-1, 1 ));
   Document. Write (Unescape (t ));
   }
   </SCRIPT>

   Once escaped, the function looks like this:

   % 3C % 73% 63% 72% 69% 70% 74% 20% 6C % 61% 6e % 67% 75% 61% 67% 65% 3D % 22% 6a % 61% 76% 61% 73% 63% 72% 69% 3E % 0d % 0a % 66% 75% 6e % 63% 74% 69% 6f % 6e % 20% 64% 46% 28% 73% 7b % 0d % 0a % 29% 76% 61% 72% 20% 3D % 73% 6e % 31% 75% 65% 73% 63% 65% 28% 73% 2e % 73% 75% 62% 73% 74% 72% 28% 2C % 30% 2e % 6C % 73% 6e % 65% 67% 2D % 74% 68% 3B % 31% 29% 29% 20% 76% 3D % 27% 27% 3B % 0d % 0a % 66% 6f % 72% 28% 69% 3D % 30% 3B % 69% 3C % 73% 2e % 6C % 31% 6e % 65% 67% 74% 3B % 68% 2B % 2b % 29% 74% 2B % 3d % 53% 74% 72% 69% 6e % 67% 2e % 66% 72% 6f % 6D % 43% 68% 61% 72% 43% 6f % 64% 65% 28% 73% 2e % 31% 63% 72% 43% 6f % 64% 65% 41% 74% 28% 69% 2D % 29% 2e % 73% 73% 75% 62% 73% 74% 72% 2e % 6C % 28% 6e % 73% 65% 67% 2D % 74% 2C % 68% 29% 29% 3B % 0d % 0a % 64% 6f % 63% 75% 6D % 65% 6e % 74% 2e % 77% 72% 69% 74% 65% 28% 6e % 75% 65% 73% 63% 61% 70% 65% 3b % 0d % 0a % 7D % 0d % 0a % 3C % 2f % 73% 63% 72% 69% 70% 3E

   Neat huh?
   Anyway, now you have to make the browser write that part of the script to the page by wrapping it inDocument. Write ()AndUnescape ()Methods like this:

   <Script language = "JavaScript">
   Document. write (Unescape ('% 3C % 73% 63% 72% 69% 70% 74% 20% 6C % 61% 6e % 67% 75% 61% 67% 65% 3D % 22% 6a % 61% 76% 61% 73% 63% 72% 69% 70% 74% 22% 3E % 0d % 0a % 66% 75% 6e % 63% 74% 69% 20% 6f % 6e % 64% 46% 28% 73% 29% 7b % 0d % 0a % 76% 61% 72% 20% 73% 3D % 31% 6e % 65% 73% 63% 61% 70% 65% 28% 73% 2e % 73% 75% 62% 73% 74% 72% 28% 2C % 30% 2e % 6C % 73% 6e % 65% 67% 2D % 74% 68% 31% 3B % 29% 61% 72% 20% 74% 3D % 27% 3B % 0d % 0a % 27% 6f % 66% 72% 28% 3D % 69% 3B % 30% 3C % 69% 2e % 6C % 73% 6e % 31% 65% 67% 3b % 69% 2B % 2B % 29% 74% 2B % 3d % 53% 74% 72% 69% 6e % 67% 2e % 66% 72% 6f % 6D % 43% 68% 61% 72% 6f % 43% 64% 65% 28% 73% 31% 2e % 63% 68% 61% 72% 43% 6f % 64% 65% 41% 74% 28% 69% 2D % 29% 2e % 73% 73% 75% 62% 73% 74% 2e % 6C % 72% 6e % 28% 73% 2D % 31% 2C % 31% 29% 29% 3B % 0d % 0a % 64% 6f % 63% 75% 6D % 65% 6e % 74% 2e % 77% 72% 69% 74% 65% 6e % 28% 75% 65% 73% 63% 61% 70% 65% 28% 74% 29% 29% 3B % 0d % 0a % 7D % 0d % 0a % 3C % 2f % 73% 63% 72% 69% 3E '))
   </SCRIPT>

2. Now that you have the decoding function on the page, you can call it to decode whatever content you have encoded. let's say you had a script you wanted to protect; something like an image preloading script like this: <script language = "JavaScript">
   Function preloadimages (){
   VaR IA = new array ();
   For (I = 0; I <arguments. length; I ++ ){
   IA [I] = new image ();
   IA [I]. src = arguments [I];
   }}

   Preloadimages('img1.gif ', 'img2.gif ');
   </SCRIPT>

   Once the script above is encoded using "Code Key" Number 1, it looks like this:

   % 264 dtdsjqu % 2631 mbohvbhf % 264e % 2633 kbwbtdsjqu % 2633% running F % 261e % 261 bgvodujpo % 2631 running % 2639% 3A % 268c % 261e % 263% bwbs % 2631jb % 261 eofx % 264 bssbz % 2639% 3A % 264c % 261e % 263% bgps % 2639j % g0e1 % CJ % 261 dbshvnfout/mfohui % 264cj % 2C % 264 3A % 268c % 261e % 261bjb % 266cj % 266e % 264 eofx % 2631 jnbhf % 2639% 3A % 264c % 261e % 261bjb % 266cj % 266e/TSD % 263% ebshvnfout % 266cj % 266e % 264c % 261e % 261b % 268e % 268e % 261e % 261b % 261e % 261 bytes % 2639% 2638jh2/ hjg % 2638% 263d % 2638jnh/hjg % 2638% 263d % 2638jnh/hjg % 2638% 3A % 264c % 261e % 261b % 2017d0tdsjqu % g0f1

   Then, you decode the string and write it to the page by callingDF ()Function (which was just unescaped and written to the page in the previous step) passing the string above like this:

   DF ('% 264 dtdsjqu % 2631 mbohvbhf % E % 2633 kbwbtdsjqu % 2633% running F % 261e % 261 bgvodujpo % 2631 running % 2639% 3A % 268c % 261e % 263% bwbs % 2631jb % 261 eofx % 2631 bssbz % 2639% 263% 3A % 264c % 261e % 261 bgps % 2639j % %e1% CJ % 264 dbshvnfout/mfohui % 264cj % 2C % 263% 3A % 268c % 261e % 261bjb % 266cj % 266e % 264 eofx % 2631 jnbhf % 2639% 3A % 264c % 261e % 261bjb % 266cj % 266e/TSD % 263% bytes % 266cj % 266e % 264c % 261e % 261b % 268e % 268e % 261e % 261b % 261e % 261 running % 2639% 2638jh2/ hjg % 2638% 263d % 2638jnh/hjg % 2638% 263d % 2638jnh/hjg % 2638% 263% 3A % 264c % 261e % 261b % 1_d0tdsjqu % 1_f1 ');

So, to bring all this together, the following is what you wowould paste into your page:

<Script language = "JavaScript">
document. write (Unescape ('% 3C % 73% 63% 72% 69% 70% 74% 20% 6C % 61% 6e % 67% 75% 61% 67% 65% 3D % 22% 6a % 61% 76% 61% 73% 63% 72% 69% 70% 74% 22% 3E % 0d % 0a % 66% 75% 6e % 63% 74% 69% 20% 6f % 6e % 64% 46% 28% 73% 29% 7b % 0d % 0a % 76% 61% 72% 20% 73% 3D % 31% 6e % 65% 73% 63% 61% 70% 65% 28% 73% 2e % 73% 75% 62% 73% 74% 72% 28% 2C % 30% 2e % 6C % 73% 6e % 65% 67% 2D % 74% 68% 31% 3B % 29% 61% 72% 20% 74% 3D % 27% 3B % 0d % 0a % 27% 6f % 66% 72% 28% 3D % 69% 3B % 30% 3C % 69% 2e % 6C % 73% 6e % 31% 65% 67% 3b % 69% 2B % 2B % 29% 74% 2B % 3d % 53% 74% 72% 69% 6e % 67% 2e % 66% 72% 6f % 6D % 43% 68% 61% 72% 6f % 43% 64% 65% 28% 73% 31% 2e % 63% 68% 61% 72% 43% 6f % 64% 65% 41% 74% 28% 69% 2D % 29% 2e % 73% 73% 75% 62% 73% 74% 2e % 6C % 72% 6e % 28% 73% 2D % 31% 2C % 31% 29% 29% 3B % 0d % 0a % 64% 6f % 63% 75% 6D % 65% 6e % 74% 2e % 77% 72% 69% 74% 65% 6e % 28% 75% 65% 73% 63% 61% 70% 65% 28% 74% 29% 29% 3B % 0d % 0a % 7D % 0d % 0a % 3C % 2f % 73% 63% 72% 69% 3E ')); DF ('% 264 dtdsjqu % 2631 mbohvbhf % E % 2633 kbwbtdsjqu % 2633% running F % 261e % 261 bgvodujpo % 2631 running % 2639% 3A % 268c % 261e % 263% bwbs % 2631jb % 261 eofx % 2631 bssbz % 2639% 263% 3A % 264c % 261e % 261 bgps % 2639j % %e1% CJ % 264 dbshvnfout/mfohui % 264cj % 2C % 263% 3A % 268c % 261e % 261bjb % 266cj % 266e % 264 eofx % 2631 jnbhf % 2639% 3A % 264c % 261e % 261bjb % 266cj % 266e/TSD % 263% bytes % 266cj % 266e % 264c % 261e % 261b % 268e % 268e % 261e % 261b % 261e % 261 running % 2639% 2638jh2/ hjg % 2638% 263d % 2638jnh/hjg % 2638% 263d % 2638jnh/hjg % 2638% 263% 3A % 264c % 261e % 261b % 1_d0tdsjqu % 1_f1 ');
</SCRIPT>

I 've ve highlighted the part that unescapes the decoder function in light yellow, and the part that decodes the preloading script and writes it to the page in light blue. you wocould just paste the whole section abve into your page and the script wocould function perfectly just like it wowould if it were plain old English. yes, it looks confusing, but that's the point isn't it? Oh, and one more thing: the whole string shoshould appear onOne line; You canNotAdd forced line breaks.

The same thing is done if you want to encode a whole HTML page, cannot the encoded part of the string (light blue) cocould potentially beHuge. The escaped function (light yellow) wocouldNotChange however.

I 've made a couple of wizards you can use for different purposes. you can achieve the same thing by using the escape/un-escape & encoder/decoder functions above, but these are specialized to take out some of the guesswork. each of the links below will open a new window.

• Javascript encoder-designed to encode JavascriptOnly. Useful to only encode and install a script in an already created HTML page.
• HTML page encoder-designed to encode your whole HTML page. you just enter your HTML sourcecode into one box, select the encoding scheme, and press the "encode" button. the output can be pasted directly into a blank page and saved as an HTML file.

The method this script uses to shift the Unicode values may be different from other similar encoding scripts you may find elsewhere on the net. my version simply adds the "Code Key" value to the Unicode value. others may subtract, multiply, divide, square, etc a number to scramble the original text. no matter what, the method is very similar.

You can find a complete chart of all the Unicode values using the MS windowsCharmapApplication.