Page 1/2 of non-JS methods for webpage shielding (left and right keys, Code, etc.)

Source: Internet
Author: User

I wanted to write an article about source code shielding on the web page for a long time. This is because, after many JS scripts are compiled, I am also worried that the source code will be seen and stolen. Therefore, I have been trying my best to maintain the security of the source code of my webpage. Although no completely secure blocking method has been found yet (that is to say, these methods have known their weaknesses and cracking methods while I have come up with them), however, I have a lot of blocking ideas here. Let's summarize them.
As we all know, to protect a page, the most basic thing is to shield right-click. The most commonly used function click () on a webpage is the following code:



<Script> 〉
Function click (){
If (event. button = 2 ){
Alert ('Welcome to this website !! ');
}
}
Document. onmousedown = click
</Script> 〉


However, this blocking method is also well known. That is, you can click the left mouse button and right-click to view the right-click menu. However, I have seen a good method of blocking right-click. Its principles are different from those mentioned above. It is not a script written in JS, but a restriction to define webpage attributes. In addition, JavaScript scripts should be avoided as much as possible during blocking. As long as the browser disables the javascript script in IE. All blocking is in vain.

In this case, we will continue to use the method of modifying the webpage attribute to shield right-click the webpage. This method uses the "body" in HTML for modification. It has only one line of code:


<Body oncontextmenu = self. event. returnValue = false> 〉


Oncontextmenu is defined here. If the right-click value is false, the right-click is blocked. Now, try again to hack the attack method just now. You can no longer right-click the shortcut menu when you press the Left or Right button. No, but try other methods. No matter how messy you are, right-clicking is useless. Because the right-click does not exist on this webpage. What can you do for a nonexistent function key?

However, blocking the right-click operation does not solve the problem. If I want to copy a text clip or an image. Then, press ctrl + C and press ctrl + V to copy and paste it. By the way, what we will talk about next is to shield the left button (what? Shield left button? So this web page is almost useless? Don't worry. If you don't finish it, it's annoying to leave only one function.

As mentioned above, it is useless to use JS to block the website and to eliminate the symptoms. Then, we can use HTML, the most basic language of the web page. Define the <body> 〉. The parameter used this time is onselectstart. Is the left-click selected parameter. The Code is as follows:


<Body onselectstart = "return false"> "〉


In this way, the left-click selection function is easily blocked. The principle is the same as above. Now, it is useless to select any content with your left-click. Naturally, you cannot press ctrl + C or ctrl + V. Now let's merge the two parts. Completely control the left and right keys! :


<Body oncontextmenu = self. event. returnValue = false onselectstart = "return false"> "〉


Now, the left and right keys are solved.

Okay. Now let's look at another question. As you all know, in the "View" item in the menu bar of IE browser. There is a "view source code" option. In this way, although we shield the right-click View Source code. However, you can still see the source code by checking the source code in the menu bar. What should I do?

My initial idea was to use a framework to avoid viewing the source code. That is to say, as long as a Web page is embedded in the framework, only the source code of the Framework web page can be viewed in the menu bar. The general format is as follows:


<Html> 〉
<Head> 〉
<Meta HTTP-EQUIV = "Content-Type" CONTENT = "text/html; charset = gb2312"> "〉
<Title> title of this website </title> 〉
</Head> 〉

<Frameset rows = "47, *" framespacing = "0" border = "0" frameborder = "0"> "〉
<Frame name = "header" scrolling = "no" noresize target = "main" src = "top.htm"> "〉
<Frame name = "main" src = "main.htm" scrolling = "auto" target = "_ self"> "〉
<Noframes> 〉
<Body> 〉

<P> This webpage uses a framework, but your browser does not support the framework. </P> 〉

</Body> 〉
</Noframes> 〉
</Frameset> 〉

</Html> 〉


It seems that the other party does not directly see your source code. However, if a person wants to look at your source code, he can probably understand it. If you understand HTML, you can see what these two sentences mean:


<Frame name = "header" scrolling = "no" noresize target = "main" src = "top.htm"> "〉
<Frame name = "main" src = "main.htm" scrolling = "auto" target = "_ self"> "〉


These two sentences mean that the top.htm webpage file in the relative region is used at the top of the header( 网page. The main.htm webpage file is used in the main(also occupies the location of the webpage. These two points are critical, and we will not explain anything else. The above method of hiding source code by using the framework is to display the page in the main section. Set the header size to 0. However, in this way, you can still view the source code of the Framework webpage by checking the source code in the menu bar. As long as you see these two sentences, you will know the method we used earlier. That is to say, you only need to change the name of the Framework webpage to the target webpage, and then you can directly view the source code of the target webpage in the same way. For example, frame webpage: Ghost. In this way, you can directly browse the protected web page, and the source code blocking effect is still not achieved.

Some may think that if the other party does not see the source code of the Framework webpage. What do you mean to open the protected webpage directly? Yes. This is what I will talk about next. If you want to view the source code in the menu bar of a page, it will be ineffective. The simplest way is to remove the menu bar. This can be achieved through a pop-up window. The reason why you do not use a hyperlink to open a menu bar window is that the target address is exposed. The viewer can directly enter the address in the browser and bypass the blocked menu bar. To use a hyperlink to open a page without a menu bar, you must use the link in a webpage that has been blocked by source code.

Then, let's take a look at how to remove the menu bar using the pop-up window. What we need to do is to open the target webpage in an advertisement bar. This code is available on almost every large website. The Code is as follows:


<Script> 〉
<〈! --
Window. open ("red.htm", "red", "resizable = yes, width = 500, height = 300 ");
--> --〉
</Script> 〉


Hosts web files. At this time, we will talk about a window without a menu bar displaying red.htm. Well, we have achieved our goal. However, this window has a defect that there is no scroll bar. Because there is no parameter about the scroll bar in the window. open statement, (or do I know? You are welcome to send a letter), so we recommend that you only make the webpage navigation page.

However, to cancel the menu bar using the preceding method, you must have a second-party webpage for pop-up. The page used to pop up the window becomes a problem. For example, assume that an index.htm is used for the pop-up window. When index.htmis opened, the red.htm menu bar window is displayed. As we mentioned above, if you know the address of a webpage, you can see its source code whether or not the webpage is hidden in a menu bar. In that case, exposing the red.htm address becomes the key to solving this problem. However, you only need to open the index.htm to see the source code. But if we shut down index.htm? You only need to disable index.htm before the visitor has the permission to keep its source code. So, you have to write some articles in this index.htm.

That is, add the code to close the webpage.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.