Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > HTML > Hide HTML Source Code

Reply
Thread Tools

Hide HTML Source Code

 
 
Benjamin Niemann
Guest
Posts: n/a
 
      05-29-2007
http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:

> On May 29, 3:41 pm, Benjamin Niemann <(E-Mail Removed)> wrote:
>> (E-Mail Removed) wrote:
>> > HidingHTMLsourcecodeis possible. It requires JavaScript, but there
>> > is no need to encryptHTMLoutput or do anything else which would
>> > decrease performance. I discovered this about five years ago, but at
>> > that time it would have been considered bad practice in regards to
>> > cross-browser-compatibility. Now that AJAX has become a programming
>> > standard, the time has come to let this loose on the the public. I
>> > won't tell you how I do it, but I will provide you with a working
>> > example.

>>
>> >http://www.smart-cgi.com/api/

>>
>> > If anyone is able to crack this, I would appreciate the feedback.

>>
>> http://www.smart-cgi.com/api/rss.php...s.yahoo.com/rs...
>>
>> so what?

>
> Try this again:
>
>> http://www.smart-cgi.com/api/rss.php....yahoo.com/rss

>
> and no I haven't moved, renamed or changed the output of this page.


wget -O - -q --referer=http://www.smart-cgi.com/api/js.js \
http://www.smart-cgi.com/api/rss.php...rss/topstories

--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://pink.odahoda.de/
 
Reply With Quote
 
 
 
 
ad@albert-dominguez.de
Guest
Posts: n/a
 
      05-29-2007
On May 29, 7:12 pm, Benjamin Niemann <(E-Mail Removed)> wrote:
> (E-Mail Removed) wrote:
> > On May 29, 3:41 pm, Benjamin Niemann <(E-Mail Removed)> wrote:
> >> (E-Mail Removed) wrote:
> >> > HidingHTMLsourcecodeis possible. It requires JavaScript, but there
> >> > is no need to encryptHTMLoutput or do anything else which would
> >> > decrease performance. I discovered this about five years ago, but at
> >> > that time it would have been considered bad practice in regards to
> >> > cross-browser-compatibility. Now that AJAX has become a programming
> >> > standard, the time has come to let this loose on the the public. I
> >> > won't tell you how I do it, but I will provide you with a working
> >> > example.

>
> >> >http://www.smart-cgi.com/api/

>
> >> > If anyone is able to crack this, I would appreciate the feedback.

>
> >>http://www.smart-cgi.com/api/rss.php...s.yahoo.com/rs...

>
> >> so what?

>
> > Try this again:

>
> >>http://www.smart-cgi.com/api/rss.php....yahoo.com/rss

>
> > and no I haven't moved, renamed or changed the output of this page.

>
> wget -O - -q --referer=http://www.smart-cgi.com/api/js.js\http://www.smart-cgi.com/api/rss.php...s.yahoo.com/rs...
>
> --
> Benjamin Niemann
> Email: pink at odahoda dot de
> WWW:http://pink.odahoda.de/


Auch schon erledigt. Danke!

> wget -O - -q --referer=http://www.smart-cgi.com/api/js.js\http://www.smart-cgi.com/api/rss.php....yahoo.com/rss


 
Reply With Quote
 
 
 
 
Harlan Messinger
Guest
Posts: n/a
 
      05-29-2007
(E-Mail Removed) wrote:
> Hiding HTML source code is possible. It requires JavaScript, but there
> is no need to encrypt HTML output or do anything else which would
> decrease performance. I discovered this about five years ago, but at
> that time it would have been considered bad practice in regards to
> cross-browser-compatibility. Now that AJAX has become a programming
> standard, the time has come to let this loose on the the public. I
> won't tell you how I do it, but I will provide you with a working
> example.
>
> http://www.smart-cgi.com/api/
>
> If anyone is able to crack this, I would appreciate the feedback.


Firefox's DOM Inspector--from the context menu for the HTML element,
Copy XML to get the following on the Windows clipboard:

<HTML lang="en" dir="ltr" xml:lang="en"
xmlns="http://www.w3.org/1999/xhtml">
<HEAD>
<SCRIPT type="text/javascript" src="./js.js"/>
<TITLE>
Smart-CGI.com </TITLE>
<META content="text/html; charset=UTF-8" http-equiv="Content-Type"/>
<LINK type="text/css" href="./default.css" rel="stylesheet"/>
</HEAD>
<BODY onload="getNav('http://rss.news.yahoo.com/rss/topstories',
urls);getXml('http://rss.news.yahoo.com/rss/topstories');return false;">
<DIV class="headmast">
<A href="../">
<IMG style="border: medium none ; padding-left: 8px;"
alt="Smart-CGI.com" src="../img/logo.gif"/>
</A>
</DIV>
<DIV id="nav">
<DIV class="navWrapper">
<H1 class="navBlur">
Top Stories </H1>
<H1 class="navFocus">
<A
onclick="getNav(this.id,
urls);getXml('http://rss.news.yahoo.com/rss/world');return false;"
id="http://rss.news.yahoo.com/rss/world" class="nav"
href="javascript:">
World News </A>
</H1>
<H1 class="navFocus">
<A
onclick="getNav(this.id,
urls);getXml('http://rss.news.yahoo.com/rss/us');return false;"
id="http://rss.news.yahoo.com/rss/us" class="nav"
href="javascript:">
U.S. News </A>
</H1>

[etc.]
It isn't the original source code, but it generates the equivalent page.
 
Reply With Quote
 
Benjamin Niemann
Guest
Posts: n/a
 
      05-29-2007
(E-Mail Removed) wrote:

> On May 29, 7:12 pm, Benjamin Niemann <(E-Mail Removed)> wrote:
>> wget -O - -q --referer=http://www.smart-cgi.com/api/js.js\
>> http://www.smart-cgi.com/api/rss.php...s.yahoo.com/rs...

>
> Auch schon erledigt. Danke!


What has changed? I don't see a difference.
And even if - we could keep playing this game endlessly.
You have to realize that your approach suffers from the same fundamental
flaw as any other "IP protection": There is *no* way, your script could
reliably differenciate between legitimate and 'bad' requests. It only sees
a stream of incoming octets, which can be arbitrarily forged to mimic
a 'legitimate visitor'.

--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://pink.odahoda.de/
 
Reply With Quote
 
Ed Mullen
Guest
Posts: n/a
 
      05-29-2007
JWS wrote:
> (E-Mail Removed) wrote:
>
>> http://www.smart-cgi.com/api/
>>
>> If anyone is able to crack this, I would appreciate the feedback.

>
> Just clicking file, save page as, web page complete (in Mozilla
> Seamonkey) reveals the whole sorry mess. No cracking is involved.


Or also access the info via the browser cache (Mozilla, SeaMonkey, Firefox):

about:cache?device=disk
about:cache?device=memory

--
Ed Mullen
http://edmullen.net
http://mozilla.edmullen.net
http://abington.edmullen.net
 
Reply With Quote
 
n0ctis
Guest
Posts: n/a
 
      05-29-2007
If it exists, it is obtainable. If the browser can read it, so can you.
 
Reply With Quote
 
Samuel van Laere
Guest
Posts: n/a
 
      05-29-2007
<(E-Mail Removed)> schreef in bericht
news:(E-Mail Removed) oups.com...
>
> If anyone is able to crack this, I would appreciate the feedback.
>


I don't get it, under IE I use the Instant Source plugin and it displays the
source straight away.
So what is hidden??

Cheers,
Sam


 
Reply With Quote
 
dorayme
Guest
Posts: n/a
 
      05-29-2007
In article <465c505a$0$16946$(E-Mail Removed)>,
JWS <(E-Mail Removed)> wrote:

> (E-Mail Removed) wrote:
>
> > http://www.smart-cgi.com/api/
> >
> > If anyone is able to crack this, I would appreciate the feedback.

>
> Just clicking file, save page as, web page complete (in Mozilla
> Seamonkey) reveals the whole sorry mess. No cracking is involved.


And so too in Safari.

--
dorayme
 
Reply With Quote
 
dorayme
Guest
Posts: n/a
 
      05-29-2007
In article <(E-Mail Removed)>,
Harlan Messinger <(E-Mail Removed)> wrote:

> (E-Mail Removed) wrote:
> > Hiding HTML source code is possible. It requires JavaScript, but there
> > is no need to encrypt HTML output or do anything else which would
> > decrease performance. I discovered this about five years ago, but at
> > that time it would have been considered bad practice in regards to
> > cross-browser-compatibility. Now that AJAX has become a programming
> > standard, the time has come to let this loose on the the public. I
> > won't tell you how I do it, but I will provide you with a working
> > example.
> >
> > http://www.smart-cgi.com/api/
> >
> > If anyone is able to crack this, I would appreciate the feedback.

>
> Firefox's DOM Inspector--from the context menu for the HTML element,
> Copy XML to get the following on the Windows clipboard:
>
> <HTML lang="en" dir="ltr" xml:lang="en"
> xmlns="http://www.w3.org/1999/xhtml">
> <HEAD>
> <SCRIPT type="text/javascript" src="./js.js"/>
> <TITLE>
> Smart-CGI.com </TITL ...


etc

On FF 2.0.0.3 on Mac, this technique gets only this on the Mac
clipboard:

<HTML>
<HEAD>
<SCRIPT type="text/javascript" src="./js.js"/>
</HEAD>
<BODY/>
</HTML>

--
dorayme
 
Reply With Quote
 
Neredbojias
Guest
Posts: n/a
 
      05-30-2007
On Tue, 29 May 2007 13:14:07 GMT scribed:

> Hiding HTML source code is possible.


No, it isn't. Try Flash or something like that. It may be possible to
hide that source code, but dunno fo' sure.

--
Neredbojias
He who laughs last sounds like an idiot.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to hide your source code? Immortal Nephi C++ 1 08-10-2009 07:41 AM
Hide contents in source code mrajanikrishna@gmail.com ASP .Net 1 06-20-2008 05:49 PM
can we show the value in source code but hide it in the screen? jrefactors@hotmail.com ASP General 5 09-07-2005 04:02 AM
is there a way to "include" source file B.html in source file A.html? Cloud Burst HTML 11 01-09-2004 02:49 AM
hide my source code/ ross HTML 17 06-28-2003 08:35 PM



Advertisments