Non-JS method _ javascript skills for webpage shielding (left and right keys, Code, etc.)

Source: Internet
Author: User
Tags microsoft frontpage
The non-JS method for web page shielding (left and right keys, Code, etc.) has long wanted to write an article about web page source code shielding. This is because, after many JS scripts are compiled, I am also worried that the source code will be seen and stolen. Therefore, I have been trying my best to maintain the security of the source code of my webpage. Although no completely secure blocking method has been found yet (that is to say, these methods have known their weaknesses and cracking methods while I have come up with them), however, I have a lot of blocking ideas here. Let's summarize them.
As we all know, to protect a page, the most basic thing is to shield right-click. The most commonly used function click () on a webpage is the following code:

<Script> function click () {if (event. button = 2) {alert ('Welcome to this website !! ') ;}} Document. onmousedown = click </script> 〉

However, this blocking method is also well known. That is, you can click the left mouse button and right-click to view the right-click menu. However, I have seen a good method of blocking right-click. Its principles are different from those mentioned above. It is not a script written in JS, but a restriction to define webpage attributes. In addition, JavaScript scripts should be avoided as much as possible during blocking. As long as the browser disables the javascript script in IE. All blocking is in vain.
In this case, we will continue to use the method of modifying the webpage attribute to shield right-click the webpage. This method uses the "body" in HTML for modification. It has only one line of code:

〈body oncontextmenu=self.event.returnValue=false〉

Oncontextmenu is defined here. If the right-click value is false, the right-click is blocked. Now, try again to hack the attack method just now. You can no longer right-click the shortcut menu when you press the Left or Right button. No, but try other methods. No matter how messy you are, right-clicking is useless. Because the right-click does not exist on this webpage. What can you do for a nonexistent function key?
However, blocking the right-click operation does not solve the problem. If I want to copy a text clip or an image. Then, press ctrl + C and press ctrl + V to copy and paste it. By the way, what we will talk about next is to shield the left button (what? Shield left button? So this web page is almost useless? Don't worry. If you don't finish it, it's annoying to leave only one function.
As mentioned above, it is useless to use JS to block the website and to eliminate the symptoms. Then, we can use HTML, the most basic language of the web page. Define the <body> 〉. The parameter used this time is onselectstart. Is the left-click selected parameter. The Code is as follows:

〈body onselectstart="return false"〉

In this way, the left-click selection function is easily blocked. The principle is the same as above. Now, it is useless to select any content with your left-click. Naturally, you cannot press ctrl + C or ctrl + V. Now let's merge the two parts. Completely control the left and right keys! :

〈body oncontextmenu=self.event.returnValue=false onselectstart="return false"〉

Now, the left and right keys are solved.

Okay. Now let's look at another question. As you all know, in the "View" item in the menu bar of IE browser. There is a "view source code" option. In this way, although we shield the right-click View Source code. However, you can still see the source code by checking the source code in the menu bar. What should I do?

My initial idea was to use a framework to avoid viewing the source code. That is to say, as long as a Web page is embedded in the framework, only the source code of the Framework web page can be viewed in the menu bar. The general format is as follows:


It seems that the other party does not directly see your source code. However, if a person wants to look at your source code, he can probably understand it. If you understand HTML, you can see what these two sentences mean:

〈frame name="header" scrolling="no" noresize target="main" src="top.htm"〉  〈frame name="main" src="main.htm" scrolling="auto" target="_self"〉

These two sentences mean that the top.htm webpage file in the relative region is used at the top of the header( 网page. The main.htm webpage file is used in the main(also occupies the location of the webpage. These two points are critical, and we will not explain anything else. The above method of hiding source code by using the framework is to display the page in the main section. Set the header size to 0. However, in this way, you can still view the source code of the Framework webpage by checking the source code in the menu bar. As long as you see these two sentences, you will know the method we used earlier. That is to say, you only need to change the name of the Framework webpage to the target webpage, and then you can directly view the source code of the target webpage in the same way. For example, if the source code of frame webpage # Is as above, you can change it #. In this way, you can directly browse the protected web page, and the source code blocking effect is still not achieved.

Some may think that if the other party does not see the source code of the Framework webpage. What do you mean to open the protected webpage directly? Yes. This is what I will talk about next. If you want to view the source code in the menu bar of a page, it will be ineffective. The simplest way is to remove the menu bar. This can be achieved through a pop-up window. The reason why you do not use a hyperlink to open a menu bar window is that the target address is exposed. The viewer can directly enter the address in the browser and bypass the blocked menu bar. To use a hyperlink to open a page without a menu bar, you must use the link in a webpage that has been blocked by source code.
Then, let's take a look at how to remove the menu bar using the pop-up window. What we need to do is to open the target webpage in an advertisement bar. This code is available on almost every large website. The Code is as follows:

〈script〉  〈!--"red.htm", "red", "resizable=yes,width=500,height=300");  --〉  〈/script〉

Hosts web files. At this time, we will talk about a window without a menu bar displaying red.htm. Well, we have achieved our goal. However, this window has a defect that there is no scroll bar. Because there is no parameter about the scroll bar in the window. open statement, (or do I know? You are welcome to send a letter), so we recommend that you only make the webpage navigation page.

However, to cancel the menu bar using the preceding method, you must have a second-party webpage for pop-up. The page used to pop up the window becomes a problem. For example, assume that an index.htm is used for the pop-up window. When index.htmis opened, the red.htm menu bar window is displayed. As we mentioned above, if you know the address of a webpage, you can see its source code whether or not the webpage is hidden in a menu bar. In that case, exposing the red.htm address becomes the key to solving this problem. However, you only need to open the index.htm to see the source code. But if we shut down index.htm? You only need to disable index.htm before the visitor has the permission to keep its source code. So, you have to write some articles in this index.htm.

That is, add the code to close the webpage.

Then, we can use window. close to close the window. The Code is as follows:

〈script〉  〈!--  window.close();  --〉  〈/script〉

Now let's merge the two parts of the Code. Now, the result is that a window without a menu bar is opened. Because the processing speed of the computer is very fast, if we write these two pieces of code together, we can only see the newly created window. The Code is as follows:

〈script〉  〈!--"red.htm", "red", "resizable=yes,width=500,height=300");  window.close();  --〉  〈/script〉

The original window was closed without notice. In this way, let alone view the source code of the webpage. Here, the webpage with the source code above serves as a stepping stone. But here, we should pay attention to the following points. First, the name of the webpage used for board jumping is index.htm. Change the default homepage name to a new one. In this way, the browser can automatically access the page after entering the network. But does not let the other party know the name of the page. Otherwise, the other party may guess the location of the page. For example, In this way, you can View the Source code of the page by submitting View-Source: # in the browser.

After shielding the menu bar and toolbar, we thought, how nice would it be if there were no top windows? The premise for us to do the following is to open a window without a menu bar on the stepping stone page as mentioned above. What should we do? Let's show only the content in the website content window. (Yes, isn't the website browsed by others? What are the functions of browsers and windows ......) All content is removed. We can use Javascript. The following code defines features without any window:

〈script〉  function open1(url){,'newwindow','fullscreen=1')  newwin.resizeTo(800,600)  newwin.moveTo(screen.width/0-800,screen.height/0-600)  }  〈/script〉

Function open1 (url) defines the hyperlink writing method. Therefore, when writing the link address, we should write javascript: open1 (url) as follows ). For example, to open a Sina Homepage without window features, you should write javascript: open1 ('HTTP: ') in a text or image hyperlink '). Of course, the brackets also support relative paths. The final format should be:

〈script〉  function open1(url){,'newwindow','fullscreen=1')  newwin.resizeTo(800,600)  newwin.moveTo(screen.width/0-800,screen.height/0-600)  }  〈/script〉  〈body oncontextmenu=self.event.returnValue=false onselectstart="return false"〉  〈td width="100%"〉〈a href="javascript:open1('main.htm'),window.close()"〉〈img border="0" src="pic/blank1.gif" style="position: absolute; left: 556; top: 142" width="169" height="57"〉〈/a〉〈/td〉  〈/body〉

In this way, we can open a webpage without a window. In addition, the scroll bar is automatically added to the webpage, so that the following content will not be visible as before.

The last thing we need to do is encrypt every page or key page that you think is important. I don't need to talk about how to encrypt the source code of a webpage? There are everywhere on the Internet. You can use tools or write an htm file for conversion. For the encryption software, I recommend "Batch HTML Encryptor". Go to google to find it. The code for converting encrypted Web pages is as follows:

<HTML> <HEAD> <TITLE> webpage encryption and decryption </TITLE> <META http-equiv = Content-Type content = "text/html; charset = gb2312 "> <META content =" MSHTML 6.00.2600.0 "name = GENERATOR> <〉〈! -- Software studio --> <LINK href = "/style.css" rel = stylesheet> <META content = "Microsoft FrontPage 4.0" name = GENERATOR> </HEAD> <BODY bgColor = # ffffff leftMargin = 0 topMargin = 0 onload = initStyleElements ()> <p style = "LEFT: 139px; WIDTH: pixel PX; POSITION: absolute; TOP: 52px; HEIGHT: 36px "> <TABLE cellSpacing = 0 cellPadding = 0 width = 760 align = center border = 0> <〉〈! -- DWLayoutTable --> <TBODY> <TR> <TD vAlign = top align = middle width = 760 height = 310> <p align = center> <H2> <SCRIPT language = JavaScript> 〉 <〈! -- Var I = 0; var ie = (document. all )? 1:0; var ns = (document. layers )? 1:0; function initStyleElements ()/* Styles for Buttons Init */{var c = document. pad; if (ie) {// c. text. style. backgroundColor = "# DDDDDD"; c. compileIt. style. backgroundColor = "# C0C0A8"; c. compileIt. style. cursor = "hand"; c. select. style. backgroundColor = "# C0C0A8"; c. select. style. cursor = "hand"; c. view. style. backgroundColor = "# C0C0A8"; c. view. style. cursor = "hand"; c. retur. style. backgroundColor = "# C0C0A8"; c. Retur. style. cursor = "hand"; c. clear. style. backgroundColor = "# C0C0A8"; c. clear. style. cursor = "hand";} else return;}/* Buttons Enlightment of "Compilation" panel */function LightOn (what) {if (ie) what. style. backgroundColor = '# E0E0D0'; else return;} function FocusOn (what) {if (ie) what. style. backgroundColor = '# ebebeb'; else return;} function LightOut (what) {if (ie) what. style. backgroundColor = '# C0C0A8'; else return;} function FocusOff (what) {if (ie) what. style. backgroundColor = '# dddddd'; else return;}/* Buttons Enlightment of "Compilation" panel */function generate ()/* Generation of "Compilation" */{code = document. pad. text. value; if (code) {document. pad. text. value = 'compiling... please wait! '; SetTimeout ("compile ()", 1000);} else alert ('first enter something to compile and then press CompileIt')} function compile () /* The "Compilation" */{document. pad. text. value = ''; compilation = escape (code); document. pad. text. value = "/<script> \ n <〈! -- \ Ndocument. write (unescape (\ "" + compilation + "\"); \ n // --> \ n <\/script> "; I ++; if (I = 1) alert ("Page compiled 1 time! "); Else alert (" Page compiled "+ I +" times! ");} Function selectCode ()/* Selecting" Compilation "for Copying */{if (document. pad. text. value. length> 0) {document. pad. text. focus (); document. pad. text. select ();} else alert ('Nothing for be selected! ')} Function preview ()/* Preview for the "Compilation" */{if (document. pad. text. value. length> 0) {pr = window. open ("", "Preview", "scrollbars = 1, menubar = 1, status = 1, width = 700, height = 320, left = 50, top = 110 "); pr.doc ument. write (document. pad. text. value);} else alert ('Nothing for be previewed! ')} Function uncompile ()/* Decompiling a "Compilation" */{if (document. pad. text. value. length> 0) {source = unescape (document. pad. text. value); document. pad. text. value = "" + source + "";} else alert (You need compiled code to uncompile it! ')} // --> </SCRIPT> <BR> <B> <FONT color = #333333> webpage HTML source code encryption and decryption tool </FONT> </B> </H2> <〉〈/ p> <TABLE cellSpacing = 0 borderColorDark = #000000 cellPadding = 10 width = 750 align = center borderColorLight = # ffffff border = 2> <TBODY> <TR> <TD> <p align = center> <BR> paste your source code to the editing area. <BR> <TABLE cellSpacing = 0 cellPadding = 0 width = "100%" border = 0> <TBODY> 〉 <TR> <TD width = "100%"> <"〉〈! -- Compilation Panel --> <FORM name = pad method = post align = "center"> <p align = center> <TEXTAREA style = "WIDTH: 95%; BACKGROUND-COLOR: # ebebeb "name = text rows = 11 cols = 58> </TEXTAREA> <BR> <INPUT onmouseover = LightOn (this) onclick = generate () onmouseout = LightOut (this) type = button value = encrypted name = compileIt> <INPUT onmouseover = LightOn (this) onclick = selectCode () onmouseout = LightOut (this) type = button valu E = select all name = select> <INPUT onmouseover = LightOn (this) onclick = preview () onmouseout = LightOut (this) type = button value = preview name = view> <INPUT onmouseover = LightOn (this) onclick = uncompile () onmouseout = LightOut (this) type = button value = decryption name = retur> <INPUT onmouseover = LightOn (this) onmouseout = LightOut (this) type = reset value = clear name = clear> </p> </FORM> <〉〈! -- Compilation Panel --> </TD> </TR> </TBODY> </TABLE> </p> </TD> </TR> </TBODY> </TABLE> <p align = center> <BR> </p> <p align = center> </p> </TD> </TR> </TBODY> </TABLE> 〉 </p> </BODY> </HTML> 〉

To sum up ...... Based on my ideas, the source code of blocked web pages is divided into the following steps:

1. Create a webpage stepping stone, pop up the advertisement page to be protected, and close itself to avoid leaking the address of the webpage to be protected.

2. Because the above conditions shield the source code of the webpage in the advertisement bar, you can use this webpage as the welcome page.

3. On the welcome page, use Javascript to display website content in a new window without window edge in the form of hyper-connection.

4. encrypt the source code of each page or an important key page, and add a lock to the source code. (Some people say it is useless to encrypt the source code, but I think it is necessary to use an alternative encryption method. For example, the software encryption method is very common. However, the source code encrypted with an htm file written by me cannot be decrypted by general software. If you are interested, try it .)

5. The last thing I have to mention is the temporary windows webpage folder, which will record the source code. But you don't have to worry about it. By adding a code, you can enable windows to directly browse without downloading the source code of the webpage. You can look for it.

Note the following:

1. The statement used to automatically close a web page: window. close () has a drawback. The system will ask whether to close the window before closing the window. If you choose not to close the window, the purpose will not be reached.

2. All of the above are only valid for IE browsers. If other browsers are used for browsing, blocking may fail.

3. Web page source code shielding has always been beyond reach. I just wrote down my ideas. The specific implementation depends on everyone's own research.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.