开发者

Is it possible to compress and obfuscate Javascript code on the fly?

I came across this great online tool. It has options to compress and obfuscate JS. I am wondering if it is possible to do that o开发者_运维百科n the site on the fly. I know it will slightly slow-down the client, but in my case it is acceptable. I am more concerned about proprietary code I use.

I use PHP and jQuery mainly.


Are you talking about doing this on the client side? This defeats the purpose entirely. Sending the unobfuscated, uncompressed code to the client defeats both of the important elements of this process:

  • bandwidth/time savings of sending compressed
  • obfuscating can help make it harder to reverse engineer your code (but doesn't make it impossible by any means)

Short story: do it on the server side.


You can use minify, which is based on Yahoo's YUI-Compressor.

It combines multiple CSS or Javascript files, removes unnecessary whitespace and comments, and serves them with gzip encoding and optimal client-side cache headers.

To get obfuscation, you can set nomunge => false


Minify does compress and minify (but not obfuscate) on the fly. It will cache the result until the files change. There might be a way to obfuscate as well.


If you're concerned about protecting proprietary code, I would move whatever proprietary operations you have to server side (as @DA pointed out). Anybody can run your js through JS beautifier and get readable code regardless of how obfuscated it is.

JS Obfuscation/compression is best used to make the js smaller to consume less bandwidth when a client loads your page. What you're suggesting might be useful when trying to stop an xss attack which is spreading through your site - by renaming a variable which a malicious script is attempting to exploit - but outside of that I don't see any reason or benefit of implementing re-obfuscation with each request.


If you are concerned about proprietary code you don't want others to see, then don't use JavaScript or any client-side language for that matter. JS obfuscation isn't security...just a scam to sell obfuscation software.

As for compressing, yes, you can do that server side. As stated, YUI-Compressor is a good option.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜