Purchasing HTML Source Protection

Question: You have said on your site that you cannot stop people viewing your html source. I have seen products for sale that will do this. Since there are programs that I can buy to block people from accessing my source why do you persist in saying that it can't be done?
anonymous

Answer: I have seen a number of these programs advertised for sale in magazines and also on the internet. Some of them even have demo pages on their web site to show you how good their protection is. Using nothing more than a web browser I was easily able to get a clean copy of the source of each such demo page in under thirty seconds. Not one of these programs actually protects your page source from being read. The only way that I have found to even partially protect your page source is to create your page in Adobe Acrobat and not use HTML at all. Even there your page content can be stolen using a screen capture program.

The problem with encrypting HTML is that in order for a web browser to be able to display the page the source code for that page must be in a form that the browser can understand. This means that anyone with a web browser can easily bypass any "protection" built into an HTML page and access the page source using the browser itself. One browser that makes it really easy to bypass almost all of the encryption methods used is Netscape 7.0. With most encryption methods all you need to do to extract readable page source from an encrypted page is to select Page Save As from the File menu in that browser and save a copy of the page to your computer. (It is possible to block this but I haven't seen any encryption programs that do.) When you open that file in a text editor you will find the page source. Yes the code at the top still appears to be encrypted but you will find a readable copy of the page source below it. Some of the code that you copy this way will still contain javascripts that stop you from opening a copy of their page in a web browser but the html source is still fully accessible in a readable format.

If you don't have Netscape 7.0 or you are looking for a quicker method instead then here is a favelet/bookmarklet script that will decrypt many web pages. Right click on the view source link below and select Add to Favorites or Add to bookmarks.

This will create an entry in your favourites/bookmarks that will run a script that will display the source of whatever page is showing in your browser window when you select the entry. The page source will be displayed in a new browser window and will not be the actual source of the page but instead will be the source of the page as interpreted by your browser which will be functionally equivalent but in the case of XHTML coded pages will have converted the source back to the version of HTML that the browser uses. Also the code displayed only includes what is found within the <html> tags, those tags and any xml declaration at the top of the page source will not be included (but encrypted pages probably don't include those tags anyway).

The code that we are using to produce this function is actually longer than it really needs to be because I have included a page title and light blue background for the source page to make it look nice. The complete code is as follows:

javascript:(function(){
c=unescape(document.documentElement.innerHTML);
c=c.replace(/&amp;/g,'&amp;amp;');
c=c.replace(/</g,'&lt;');
c=c.replace(/>/g,'&gt;');
x.document.write('<html><head>' +
'<title>Source of Page<\/title><\/head>' +
'<body bgcolor=\'#ffffff\'><pre>' + c +
'\n<\/pre><\/body><\/html>');
x.document.close();}
)();

Anyone with a reasonable knowledge of Javascript could easily create this script and I have seen similar scripts elsewhere on the web so my providing it here isn't giving you anything that isn't easy for anyone to get. The script is also easy to block but many of the so called protection programs that you can buy don't do this so this favelet can bypass the encryption in many of them.

All that using one of these page protection programs does is to interfere with your users enjoyment of your page by blocking some of the normal functioning of their browser. It also makes it look like you have something to steal which will probably make it more likely that people will grab your source code.

There is one area where some of these "protection" programs do serve a purpose and that is that the encrypted pages are not as easily read by web spiders. This means that spammers who set spiders loose on the web looking for email addresses wont find yours. Programs that attempt to strip an entire web site and download it for offline access wont recognise your links so they'll only get the initial page and not the whole site (and hence wont put such a big load on your server using up your available bandwidth). Unfortunately the web spiders sent out by the search engines wont recognise your links either and so the only pages on your site that will ever be listed on search engines are ones you request to have added and ones linked to by other sites. Of course the free programs that provide this protection are as effective as the ones that cost money so why would you waste your money.

If after all this you still want to check out these html source protection programs then check out the following links:

Note that code of more than one or two statements is probably subject to copyright so while you can look at the page and see how the effect was achieved in order to write your own routine to perform a similar function, you do not have the right to just steal the code in order to incorporate the same effect into your page.
Felgall Pty Ltd has supplied this information in order to show how easy that it is to bypass so called HTML source protection. We accept no responsibility for any misuse of the information provided.

 

This article written by Stephen Chapman, Felgall Pty Ltd.

go to top

FaceBook Follow
Twitter Follow
Donate