Como posso esconder ou encriptar o código JavaScript? [duplicado]

Você pode tentar o script de Acção compilado na forma de um filme em flash.

Embora todos concordem geralmente que a encriptação Javascript é uma má ideia, Existem alguns casos de Utilização pequenos em que abrandar o ataque é melhor do que nada. Você pode começar com Compressor YUI (como @Ben Alpert) disse, ou JSMin, Uglify, ou muitos mais.

Embora não seja exactamente um codificador Javascript puro, o melhor codificador html que encontrei é http://hivelogic.com/enkoder vai virar isto:

<script type="text/javascript">
//<![CDATA[
<!--
var c=function(e) { var m="mail" + "to:webmaster";var a="somedomain"; e.href = m+"@"+a+".com";  
};
//-->
//]]>
</script>
<a href="#" onclick="return c(this);"><img src="images/email.png" /></a>

<script type="text/javascript">
//<![CDATA[
<!--
var x="function f(x){var i,o=\"\",ol=x.length,l=ol;while(x.charCodeAt(l/13)!" +
"=50){try{x+=x;l+=l;}catch(e){}}for(i=l-1;i>=0;i--){o+=x.charAt(i);}return o" +
".substr(0,ol);}f(\")87,\\\"meozp?410\\\\=220\\\\s-dvwggd130\\\\#-2o,V_PY420" +
"\\\\I\\\\\\\\_V[\\\\\\\\620\\\\o710\\\\RB\\\\\\\\610\\\\JAB620\\\\720\\\\n\\"+
"\\{530\\\\410\\\\WJJU010\\\\|>snnn|j5J(771\\\\p{}saa-.W)+T:``vk\\\"\\\\`<02" +
"0\\\\!610\\\\'Dr\\\\010\\\\630\\\\400\\\\620\\\\700\\\\\\\\\\\\N730\\\\,530" +
"\\\\2S16EF600\\\\;420\\\\9ZNONO1200\\\\/000\\\\`'7400\\\\%n\\\\!010\\\\hpr\\"+
"\\= -cn720\\\\a(ce230\\\\500\\\\f730\\\\i,`200\\\\630\\\\[YIR720\\\\]720\\\\"+
"r\\\\720\\\\h][P]@JHADY310\\\\t230\\\\G500\\\\VBT230\\\\200\\\\Clxhh{tzra/{" +
"g0M0$./Pgche%Z8i#p`v^600\\\\\\\\\\\\R730\\\\Q620\\\\030\\\\730\\\\100\\\\72" +
"0\\\\530\\\\700\\\\720\\\\M410\\\\N730\\\\r\\\\530\\\\400\\\\4420\\\\8OM771" +
"\\\\`4400\\\\$010\\\\t\\\\120\\\\230\\\\r\\\\610\\\\310\\\\530\\\\e~o120\\\\"+
"RfJjn\\\\020\\\\lZ\\\\\\\\CZEWCV771\\\\v5lnqf2R1ox771\\\\p\\\"\\\\tr\\\\220" +
"\\\\310\\\\420\\\\600\\\\OSG300\\\\700\\\\410\\\\320\\\\410\\\\120\\\\620\\" +
"\\q)5<: 0>+\\\"(f};o nruter};))++y(^)i(tAedoCrahc.x(edoCrahCmorf.gnirtS=+o;" +
"721=%y;++y)87<i(fi{)++i;l<i;0=i(rof;htgnel.x=l,\\\"\\\"=o,i rav{)y,x(f noit" +
"cnuf\")"                                                                     ;
while(x=eval(x));
//-->
//]]>
</script>

Um dos melhores compressores (NÃO especificamente um ofuscador) é o Compressor YUI.

Se tiver alguma coisa em particular que queira esconder (como um algoritmo proprietário), coloque-a no servidor, ou coloque-a num filme Flash e ligue-lhe com JavaScript. A escrita de ActionScript é muito semelhante à escrita de JavaScript, e você pode se comunicar entre JavaScript e ActionScript. Podes fazer o mesmo com a luz prateada, mas a luz prateada não tem o Flash de penetração.

Então a resposta curta é: você não pode fazer isso

JavaScript é uma linguagem de script e, portanto, permanece em forma legível humana até que seja hora de ser interpretado e executado pelo tempo de execução JavaScript.

Eu sei que este é um tópico antigo, mas eu gostaria apenas de adicionar um método de esconder os seus scripts, nem que fosse apenas para torná-lo um pouco mais difícil de ver. A chave é usar o AJAX e fazê-lo correr totalmente em sincronia com os seus scripts do lado do servidor como o Php. Assim, todo o algoritmo não está totalmente exposto e seria totalmente sem sentido para qualquer um que queira roubar os seus códigos. Claro que não é uma solução 100% infalível, uma vez que seus scripts do lado do cliente seria e ainda pode ser exposto se você carrega no F12, por exemplo. Além disso, se seus scripts java dependem de um monte de processo do lado do servidor, então não haveria realmente necessidade de se preocupar em tudo em primeiro lugar.

Neste programa, o conteúdo verdadeiro - os seus programas do lado do cliente - só são recuperados através do método get (ps: você ainda pode ver o conteúdo seguindo o url - para evitar isso, use o método post):

<?Php
//THE FOLLOWING VARIABLE IS ADDED TO ENABLE TOGGLING OF THIS FUNCTIONALITY:
$obscureScripts = TRUE;

//IF OBSCURE SCRIPT FUNCTIONALITY IS ALLOWED,
//THE SYSTEM SHOULD ONLY ALLOW REQUESTS TRIGGERED BY SPECIFIED GET METHOD
//OTHER THAN THAT, OR UNLESS $_GET['fetch'] == 'content', PERFORM THE FOLLOWING SCRIPTS:
if ($obscureScripts && !(isset($_GET['fetch']) && $_GET['fetch'] == 'content'))
{   //OPEN A SESSION
    session_start();

    //CREATE AN INDICATOR THAT THIS METHOD HAS BEEN USED
    $_SESSION['obscr'] = 'set';

    //CLOSE SESSION WRITER
    session_write_close();

    //ECHO THE FAKE CONTENTS OF YOUR PAGE
    echo    "<script type='text/javascript' src='plugins/jquery-1.9.0.min.js'></script> \n".
        "<script>                                   \n".
        "$.get                                      \n".
        "(  '?fetch=content',                           \n".
        "   function(data)                              \n".
        "   {   $('body').fadeOut                       \n".
        "       (   function()                      \n".
        "           {   $(this).empty().html(data).fadeIn(100);     \n".
        "           }                           \n".
        "       );                              \n".
        "   }                                   \n".
        ");                                     \n".
        "</script>                                  \n".
        "<html><head><title>Page Front</title><link rel='icon' href='icon.ico'/></head> \n".
        "<body bgcolor='#121212'><center>Loading...</center></body></html>      \n";
    //THE FAKE CONTENTS WOULD IN TURN RUN A JQUERY SCRIPT TO RETRIEVE THE ACTUAL PAGE CONTENT

    //DO NOT RUN THE REST OF THE SCRIPT/PAGE
    exit();
}
//IF OBSCURE SCRIPT FUNCTIONALITY IS ON, AND IF A FETCH REQUEST WAS MADE,
//PERFORM THE FOLLOWING VALIDATION
else if ($obscureScripts && isset($_GET['fetch']) && $_GET['fetch'] == 'content')
{   //ATTEMPT TO RETRIEVE EXISTING SESSION
    session_start();

    //CHECK IF A SESSION WAS SET: THIS IS TO INDICATE THE LOADING OF FAKE CONTENTS AND THAT
    //THE REAL CONTENTS ARE ONLY LOADED ONCE - BY THE JQUERY SCRIPTS PREVIOUSLY LOADED
    if (isset($_SESSION['obscr']) && $_SESSION['obscr'] == 'set')
    {   //ONCE CONFIRMED, UNSET THE SESSION TO PREVENT ANOTHER REQUEST
        unset($_SESSION['obscr']);

        //IF THE SESSION BECAME EMPTY AFTER UNSETTING THE 'obscr' SESSION VARIABLE,
        //DELETE THE SESSION
        if (empty($_SESSION))
        {   session_unset();
            session_destroy();
        }

        //CLOSE THE SESSION WRITER AND PROCEED TO THE REST OF THE CONTENTS
        session_write_close();

        //NOTICE THAT THERE'S NOT exit() OR die() REQUEST HERE.
        //THIS MEANS THAT THE SCRIPT WOULD PROCEED TO THE CONTENTS
    }
    //IF NO SESSION IS SET, THIS MEANS THAT THE GET METHOD IS PROBABLY BEING REQUESTED
    //FOR THE SECOND TIME; PROBABLY NOT BY THE PRE-LOADED SCRIPTS
    //IF SO, PERFORM THE FOLLOWING:
    else
    {   //CLOSE THE SESSION WRITER
        session_write_close();

        //RELOAD THE PAGE BY REDIRECTING TO SELF
        header('Location: '.$_SERVER['PHP_SELF']);

        //PREVENT SHOWING ANYTHING AFTER THIS CODE
        exit();
    }
}
?>
<html>
<head><title>The content you want to hide</title></head>
<body>Your precious content.</body>
</html>

Método Post:

    <?Php
    //THE FOLLOWING VARIABLE IS ADDED TO ENABLE TOGGLING OF THIS FUNCTIONALITY:
    $obscureScripts = TRUE;

    //IF OBSCURE SCRIPT FUNCTIONALITY IS ALLOWED,
    //THE SYSTEM SHOULD ONLY ALLOW REQUESTS TRIGGERED BY SPECIFIED GET METHOD
    //OTHER THAN THAT, OR UNLESS $_GET['fetch'] == 'content', PERFORM THE FOLLOWING SCRIPTS:
    if ($obscureScripts && !(isset($_POST['fetch']) && $_POST['fetch'] == 'content'))
    {   //OPEN A SESSION
        session_start();

        //CREATE AN INDICATOR THAT THIS METHOD HAS BEEN USED
        $_SESSION['obscr'] = 'set';

        //CLOSE SESSION WRITER
        session_write_close();

        //ECHO THE FAKE CONTENTS OF YOUR PAGE
        echo // USING HEREDOC THIS TIME
<<<SCRIPT
<script type='text/javascript' src='plugins/jquery-1.9.0.min.js'></script>
<script>
\$.post
(   "{$_SERVER['PHP_SELF']}",
    {   fetch:"content"
    }
).done
(   function(data)
    {   \$("body").empty().html(data);
    }
);
</script>
<html>
    <head>
        <title>Page Front</title>
    </head>
    <body>
        <center>Loading...</center>
    </body>
</html>
SCRIPT;
        //THE FAKE CONTENTS WOULD IN TURN RUN A JQUERY SCRIPT TO RETRIEVE THE ACTUAL PAGE CONTENT

        //DO NOT RUN THE REST OF THE SCRIPT/PAGE
        exit();
    }
    //IF OBSCURE SCRIPT FUNCTIONALITY IS ON, AND IF A FETCH REQUEST WAS MADE,
    //PERFORM THE FOLLOWING VALIDATION
    else if ($obscureScripts && isset($_POST['fetch']) && $_POST['fetch'] == 'content')
    {   //ATTEMPT TO RETRIEVE EXISTING SESSION
        session_start();

        //CHECK IF A SESSION WAS SET: THIS IS TO INDICATE THE LOADING OF FAKE CONTENTS AND THAT
        //THE REAL CONTENTS ARE ONLY LOADED ONCE - BY THE JQUERY SCRIPTS PREVIOUSLY LOADED
        if (isset($_SESSION['obscr']) && $_SESSION['obscr'] == 'set')
        {   //ONCE CONFIRMED, UNSET THE SESSION TO PREVENT ANOTHER REQUEST
            unset($_SESSION['obscr']);

            //IF THE SESSION BECAME EMPTY AFTER UNSETTING THE 'obscr' SESSION VARIABLE,
            //DELETE THE SESSION
            if (empty($_SESSION))
            {   session_unset();
                session_destroy();
            }

            //CLOSE THE SESSION WRITER AND PROCEED TO THE REST OF THE CONTENTS
            session_write_close();

            //NOTICE THAT THERE'S NOT exit() OR die() REQUEST HERE.
            //THIS MEANS THAT THE SCRIPT WOULD PROCEED TO THE CONTENTS
        }
        //IF NO SESSION IS SET, THIS MEANS THAT THE GET METHOD IS PROBABLY BEING REQUESTED
        //FOR THE SECOND TIME; PROBABLY NOT BY THE PRE-LOADED SCRIPTS
        //IF SO, PERFORM THE FOLLOWING:
        else
        {   //CLOSE THE SESSION WRITER
            session_write_close();

            //RELOAD THE PAGE BY REDIRECTING TO SELF
            header('Location: '.$_SERVER['PHP_SELF']);

            //PREVENT SHOWING ANYTHING AFTER THIS CODE
            exit();
        }
    }
    ?>
    <html>
    <head><title>The content you want to hide</title></head>
    <body>Your precious content.</body>
    </html>