«

JavaScript and CSS programmers have for years, been looking for the
"holy grail", i.e., the ability to hide source code.

Take at look at www.dice.com, do a job search then view source.....
nothing there except JSTL noatation per below:

-------------------------- start -------------------------------------

<!--
* $RCSfile: abbreviated.jsp,v $
* $Author: duket $
* $Date: 2005/06/15 13:36:17 $
-->

<!-- START JSTL_INITIALIZATION -->



<!-- FINISH JSTL_INITIALIZATION -->



------------------------ end -----------------------------------------


Was not aware that a fringe benefit of JSTL was the ability to hide
html source code. How secure is this? Can someone hack it to get the
html source?

I'm one of those Java/JavaScript/CSS programmers that has created
graphics with CSS on Web pages and would like to keep the code
private. I have found a crude way but I like the above better.


Thanks

Mike wrote:
> JavaScript and CSS programmers have for years, been looking for the
> "holy grail", i.e., the ability to hide source code.
>
> Take at look at www.dice.com, do a job search then view source.....
> nothing there except JSTL noatation per below:
>
> -------------------------- start -------------------------------------
>
> <!--
> * $RCSfile: abbreviated.jsp,v $
> * $Author: duket $
> * $Date: 2005/06/15 13:36:17 $
> -->
>
> <!-- START JSTL_INITIALIZATION -->
>
>
>
> <!-- FINISH JSTL_INITIALIZATION -->
>
>
>
> ------------------------ end -----------------------------------------
>
>
> Was not aware that a fringe benefit of JSTL was the ability to hide
> html source code. How secure is this? Can someone hack it to get the
> html source?
>
> I'm one of those Java/JavaScript/CSS programmers that has created
> graphics with CSS on Web pages and would like to keep the code
> private. I have found a crude way but I like the above better.
>
>
> Thanks

You might want to scroll down a few lines...

"shakah" <> wrote in message
news: oups.com...
> Mike wrote:
>> JavaScript and CSS programmers have for years, been looking for the
>> "holy grail", i.e., the ability to hide source code.
>>
>> Take at look at www.dice.com, do a job search then view source.....
>> nothing there except JSTL noatation per below:
>>
>> -------------------------- start -------------------------------------
>>
>> <!--
>> * $RCSfile: abbreviated.jsp,v $
>> * $Author: duket $
>> * $Date: 2005/06/15 13:36:17 $
>> -->
>>
>> <!-- START JSTL_INITIALIZATION -->
>>
>>
>>
>> <!-- FINISH JSTL_INITIALIZATION -->
>>
>>
>>
>> ------------------------ end -----------------------------------------
>>
>>
>> Was not aware that a fringe benefit of JSTL was the ability to hide
>> html source code. How secure is this? Can someone hack it to get the
>> html source?
>>
>> I'm one of those Java/JavaScript/CSS programmers that has created
>> graphics with CSS on Web pages and would like to keep the code
>> private. I have found a crude way but I like the above better.
>>
>>
>> Thanks
>
> You might want to scroll down a few lines...

That gave me a good laugh. =D

Incidentally, I am strongly convinced that it is absolutely impossible
to securely hide the HTML source code, even for very weak definitions of
"securely". Why? Because it's trivial to write a "web browser" which
masquerades as (as an arbitrary example) Internet Explorer, but rather than
rendering the HTML data it receives, to simply dump that data into a plain
text file, without executing any Java, JavaScript or CSS it encounters along
the way.

In fact, I believe most distributions of *nix come with a program called
"wget" which does exactly this.

As a text file, disabling right clicking, hiding the menu bars, and
other such traditional tricks will yield no results because the JavaScript
won't even get executed.

When it comes to HTML, if the browser can read it, a human can read it.
More generally, any data that you send to the client's computer can be read
by the client running the computer (it's called "Packet Sniffing").

- Oliver

Mike <> wrote:
> JavaScript and CSS programmers have for years, been looking for the
> "holy grail", i.e., the ability to hide source code.

And calling it the "holy grail" is a bit generous. At least the Holy
Grail has some small chance of still existing in one piece. The problem
you mention is just plain impossible to completely solve.

> Was not aware that a fringe benefit of JSTL was the ability to hide
> html source code. How secure is this? Can someone hack it to get the
> html source?

The benefit simply doesn't exist. If the page author did something to
hide the HTML source, then it's entirely unrelated to JSTL. You've been
distracted by a red herring.

As someone else mentioned, if you want to see what's really happening
there, you can just use wget to retrieve the page and examine it in a
hex binary editor or a text editor.

--
www.designacourse.com
The Easiest Way To Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation