Java Script compression and obfuscation

We all know that JavaScript is an interpreted language executed in the client browser. The browser downloads JavaScript in plain text and then
Execute JavaScript code as needed.

By using the browser's source code viewing function, you can always read the source code of JavaScript. This function displays the complete HTML code of the page,
Contains any JavaScript code block. Even if the JavaScript source code is put in an external file and referenced to the page through the src attribute of the script tag
It can still be downloaded and read by users. For anyone who views the page
JavaScript code is always visible. Because of this, you should not write private or sensitive logic in JavaScript. This logic
It is best to put it on the server side, which is safer.

As JavaScript is increasingly used in Ajax-based applications, the size of JavaScript source files becomes a problem. Because it is interpreted
Language, so
JavaScript will never be compiled into machine-level binary code, while the latter is a more efficient storage format for executable code. A large number of JavaScript
The file will speed down the application, because the browser must download the source code from the server before executing the JavaScript. In addition, if
If there are a lot of comments in the Code, the huge JavaScript code will only become larger
.

We can see that there are two problems with the lack of binary executable code in JavaScript: poor security and the need to download a lot of source code. Yes
How can we solve these two problems?

With
JavaScript has become more and more popular, and some tools can help us solve these two problems. The simplest compression tool is to remove Objective C
All comments and line breaks in the ript source code can reduce the amount of source code to be downloaded. Delete comments and line breaks by 30% or more
JavaScript source code, depending on the situation. Note that
Before compression, JavaScript source code must use semicolons to properly end all declarations, otherwise errors or unexpected behavior will occur.

Remember, although JavaScript statements should always end with a semicolon, most browsers are very tolerant. They allow not to write such semicolons, as long
There should be a line break in the place where it should be a semicolon. Many compressors will remove line breaks. When the Declaration does not end with a semicolon, this will
The source file produces unexpected results. JavaScript does not have a compiler to capture
Therefore, we should replace it with the Javascript validators to ensure that all rows end with semicolons, and that all declaration blocks use braces.
A good JavaScript validator is
Jslint, which can be downloaded from www.jslint.com. Always using JavaScript validators like jslint before compressing JavaScript will help
We prevent errors caused by compression and obfuscation of unconventional JavaScript.

Other tools are more powerful and provide obfuscation functions. Obfuscation is a process of scanning source code. This process uses the original name of the field and function.
To prevent others from understanding the source code and internal structure. Generally, languages like C ++ are
There is no need to confuse it because it will be compiled into machine-level binary commands. Is
To achieve high security, even modern languages such as Java or C # That are compiled into intermediate bytecode instead of binary instructions need to use obfuscators.
.

Due to the nature of the javascript interpreter, writing JavaScript obfuscation tools is extremely challenging. When determining the scope and visibility of function names
In terms of variables and global variables,
JavaScript obfuscation tools may be difficult. As a result, the compressed source code often fails to run correctly. From experience alone, the best way is
Avoid exposing sensitive or private logic to Javascript, and try to put them on the server side, where they are secure. If you insist on
When using JavaScript obfuscators, you must thoroughly test the obfuscated
JavaScript to make sure it still works properly.

Javascript compressors of the dojo Toolkit

Currently, JavaScript compressors and obfuscators widely used by developers are provided by the dojo toolkit. The download URL is
Www.dojotoolkit.org/docs/compressor_system.html. Like many JavaScript compressors, the dojo compressors are also removed
There are spaces on both sides of annotations and operators, and variable names are replaced with shorter names to compress JavaScript source files. Wait -- replace the function name
And variable names. We didn't just say that obfuscation has brought about
Should I try to avoid using it?

Dojo
The difference between a compressed object and a similar tool is that it compresses and Obfuscated javascript source code. Many JavaScript obfuscators use regular expressions
To remove spaces and comments. Regular Expressions are prone to invalidation and do not have context information. context is the key to determining the scope of variable names.
. The dojo compressors use the JavaScript engine rhino provided by the Mozilla Foundation.
.

Rhino enables the dojo compressors to determine the context and scope of variable names. Because rhino is a real-time javascript interpreter, do
Jo compressors can determine the scope of the variable name and safely shorten the variable name without causing any problems.

Dojo
The main purpose of the compressors is to maintain the compatibility of Public APIs and ensure that the compressed script functions are consistent with those before compression. Even if the Dojo compressors are reduced
To narrow down the file, not to confuse. The creators of the Dojo compressors believe that obfuscation of JavaScript is meaningless,
Small files are undoubtedly very meaningful. Therefore, the Dojo compressors try to narrow down the file
Achieves a good balance between readability and debuggable performance.