Phosphorus and Lime
A Developer's Broadsheet
This blog has been deprecated. Please visit my new blog at klenwell.com/press.
Wednesday, August 23, 2006
JS: a php javascript pseudo-compiler
Actually it's script obfuscator, of sorts. It is meant to make your javascript files functional yet inaccessible. It's based on this script. I attempted to package the concept a little more neatly.
It works as far as I've investigated, but that has only been as far as Firefox and IE 6.
NOTE: falsifier found. save complete web page in IE or Firefox and it renders visible the js portion of the js_script.php page
I imagine it would be possible to conceal the js script more effectively using this basic concept together with some conditional file operations, but I'll have to come back to this.
php_js_compiler.inc.php
function js_php_run($js_path)
{
// *** DATA
// *** MANIPULATE
// start session
if ( session_id() == '' ) session_start();
// set session compile flag
$_SESSION['compile_js'] = 1;
// build script link
$script_link = '<script language="JavaScript" src="' . $js_path . '"></script>';
// *** RETURN
// print this below in html doc head section
return $script_link;
}
function js_php_compile()
{
// start session
session_start();
// check flag
if ( !$_SESSION['compile_js'] ) die('js compile error');
// reset flag
$_SESSION['compile_js'] = 0;
// send content header
header("Content-type: application/x-javascript");
// return
return;
}
?>
js_script.php
js_compiler_test.php
an online demo: js_compiler_test.php
It works as far as I've investigated, but that has only been as far as Firefox and IE 6.
NOTE: falsifier found. save complete web page in IE or Firefox and it renders visible the js portion of the js_script.php page
I imagine it would be possible to conceal the js script more effectively using this basic concept together with some conditional file operations, but I'll have to come back to this.
php_js_compiler.inc.php
function js_php_run($js_path)
{
// *** DATA
// *** MANIPULATE
// start session
if ( session_id() == '' ) session_start();
// set session compile flag
$_SESSION['compile_js'] = 1;
// build script link
$script_link = '<script language="JavaScript" src="' . $js_path . '"></script>';
// *** RETURN
// print this below in html doc head section
return $script_link;
}
function js_php_compile()
{
// start session
session_start();
// check flag
if ( !$_SESSION['compile_js'] ) die('js compile error');
// reset flag
$_SESSION['compile_js'] = 0;
// send content header
header("Content-type: application/x-javascript");
// return
return;
}
?>
js_script.php
require_once('php_js_compiler.inc.php');
js_php_compile();
?>
// if you can read the following word, this js protection scheme has failed: WORD
//any javascript can go in here
alert("js compiler enabled");
js_php_compile();
?>
// if you can read the following word, this js protection scheme has failed: WORD
//any javascript can go in here
alert("js compiler enabled");
js_compiler_test.php
<?php
require_once('php_js_compiler.inc.php');
$js_path = 'js_script.php';
$js_link = js_php_run($js_path);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>javascript protector?</title>
<!-- JS File Calls -->
<!-- <script language="JavaScript" src="js_script.php"></script> -->
<?php echo $js_link; ?>
</head>
<body>
<h2>test in progress</h2>
<p>if javascript is enabled on your computer, you should have seen a javascript alert
pop-up.</p>
<p>however, if you try to view the source directly in your browser, you should get an error message.</p>
<a href="js_script.php">source file : js_script.php</a>
</body>
</html>
require_once('php_js_compiler.inc.php');
$js_path = 'js_script.php';
$js_link = js_php_run($js_path);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>javascript protector?</title>
<!-- JS File Calls -->
<!-- <script language="JavaScript" src="js_script.php"></script> -->
<?php echo $js_link; ?>
</head>
<body>
<h2>test in progress</h2>
<p>if javascript is enabled on your computer, you should have seen a javascript alert
pop-up.</p>
<p>however, if you try to view the source directly in your browser, you should get an error message.</p>
<a href="js_script.php">source file : js_script.php</a>
</body>
</html>
an online demo: js_compiler_test.php
some rights reserved, © 2006