Intellectual Property Issues - Java Script

After you’ve made all your size and speed improvements, you still must consider protecting your intellectual property. This is something traditional programmers don’t need to worry about because the end product that is shipped to customers is compiled and fairly safe from reverse engineering. When shipping your JavaScript code, you are actually shipping source code, making it public. Although copyright notices and other legal wording can provide a small measure of protection in a court of law, it doesn’t help you keep your code safe in the first place. So what’s a developer to do?

Obfuscating

Obfuscating is the process of mixing up your source code to make it more difficult for prying eyes. ESC, described earlier,does a small amount of obfuscating by replacing variable and function names.This is the most basic form of obfuscating, but there are more.

The Dithered JavaScript compression utility provides an added amount of obfuscation in a unique way: It extracts sequences of characters from the JavaScript code and replaces them with special markers. When the code is executed, these markers are replaced using regular expressions and the entire code is evaluated. For example,consider the DOM code example from the previous section:

Using the JavaScript compression utility, the script becomes the following:

This doesn’t look smaller, but keep in mind that the original script didn’t have tabs, spaces,or new line characters removed (the documentation suggests you use another tool for such optimization before using this utility).

The downside to this sort of obfuscation is that its startup time is slow because of the extra interpretation of the code. However, the overall file size can be cut significantly.

Microsoft Script Encoder (IE only)

If you are sure that your target audience will be using Internet Explorer on Windows, you can take advantage of the Microsoft Script Encoder to protect your code.The Microsoft Script Encoder is command-line program that encodes your JavaScript into completely unreadable code.

To begin, you download the utility from Microsoft details.aspx?FamilyId=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en). After it is installed, open up a DOS command line window and use the following syntax:

screnc inputfile outputfile

The program accept numerous types of files as input, but for the purposes of encoding JavaScript the only ones of interest are HTML files and external JavaScript (.js) files. When you specify an HTML file for input, any code contained within an inline <script/> element is encoded; for .js files, the entire file is encoded.

For example,the code from the previous section gets encoded into this:

If you specified an HTML file as input, the <script/> element is updated to have a language attribute equal to “JScript.Encoded”; if you specified a .js file as input,you must manually add the language attribute when referencing the file:

Even if someone downloads your code, it’s now impossible to reverse engineer or otherwise figure out. All your JavaScript calls from within an HTML file can be used in the exact same way (meaning you don’t have to worry about encoding your JavaScript calls; just make them as you would normally).

The downside to this technique is that it works only on Internet Explorer on Windows. After it is encoded, the script is essentially useless to any other browsers on any other operating systems. If you are sure that your only users are running IE on Windows (such as in a corporate Intranet), this may be helpful to you. Otherwise it’s best to go with an obfuscating utility that works across all browsers.


All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd DMCA.com Protection Status

Java Script Topics