How can I obfuscate (protect) JavaScript?

I want to make a JavaScript application that's not open source, and thus I wish to learn how to can obfuscate my JS code? Is this possible?


Obfuscation:

Try YUI Compressor . It's a very popular tool, built, enhanced and maintained by the Yahoo UI team.

You may also use:

  • Google Closure Compiler
  • UglifyJS
  • Private String Data:

    Keeping string values private is a different concern, and obfuscation won't really be of much benefit. Of course, by packaging up your source into a garbled, minified mess, you have a light version of security through obscurity . Most of the time, it's your user who is viewing the source, and the string values on the client are intended for their use, so that sort of private string value isn't often necessary.

    If you really had a value that you never wanted a user to see, you would have a couple of options. First, you could do some kind of encryption, which is decrypted at page load. That would probably be one of the most secure options, but also a lot of work which may be unnecessary. You could probably base64 encode some string values, and that would be easier.. but someone who really wanted those string values could easily decode them . Encryption is the only way to truly prevent anyone from accessing your data, and most people find that to be more security than they need.

    Sidenote:

    Obfuscation in Javascript has been known to cause some bugs. The obfuscators are getting a little better about it, but many outfits decide that they see enough benefit from minifying and gzipping , and the added savings of obfuscation isn't always worth the trouble . If you're trying to protect your source, maybe you'll decide that it's worth your while, just to make your code harder to read. JSMin is a good alternative.


    I'm surprised no one has mentioned Google's Closure Compiler. It doesn't just minify/compress, it analyzes to find and remove unused code, and rewrites for maximum minification. It can also do type checking and will warn about syntax errors.

    JQuery recently switched from YUI Compresser to Closure Compiler, and saw a "solid improvement"


    Obfuscation can never really work. For anyone who really wants to get at your code, it's just a speed bump. Worse, it keeps your users from fixing bugs (and shipping the fixes back to you), and makes it harder for you to diagnose problems in the field. Its a waste of your time and money.

    Talk to a lawyer about intellectual property law and what your legal options are. "Open Source" does not mean "people can read the source". Instead, Open Source is a particular licensing model granting permission to freely use and modify your code. If you don't grant such a license then people copying your code are in violation and (in most of the world) you have legal options to stop them.

    The only way you can really protect your code is to not ship it. Move the important code server-side and have your public Javascript code do Ajax calls to it.

    See my full answer about obfuscators here.

    链接地址: http://www.djcxy.com/p/73594.html

    上一篇: 有没有PHP的代码混淆器?

    下一篇: 我怎样才能混淆(保护)JavaScript?