More on "View Source"

I have been asked (on several occasions) why my page on How to Disable 'View Source' says that you can't when the person concerned has found a way to disable it. The answer is that they only think they have found a way to disable it. They have a false sense of security because they think that their source is protected when it is just as open to be viewed as any other web page. The only difference is that they have implemented something on their site that will interfere with legitimate visitor's use of their web browser (driving them away from the site). It will also encourage a few others to steal the page just because the person thinks that doing so is "clever".

Not that obtaining the source of any web page is hard regardless of what supposed "protection" has been applied. My page on protection has every method I have ever seen as well as some that I invented applied to it and so should be the most secure source on the web. Anyone who knows how can get readable source code for that page in seconds. Any other web page anywhere is even easier.

The most common "protection" that people apply when they are new to the web is a no right click script. They think that by blocking the right mouse click that they have protected their page source. There are several varieties of no right click script and the most common only blocks the right mouse button in Internet Explorer. Slightly more sophisticated ones block the right mouse button in Netscape, Mozilla, and Firefox as well. The most sophisticated (and the shortest) ones block access to the context menu (as it is called) from the keyboard as well as from the mouse.I have my own version of a no right click script that you can use if you insist on having one.

There are a number of ways that anyone can get around these scripts.

  1. If the script only works in Internet Explorer then you can use a different browser.
  2. If the script only blocks the mouse then you can access the menu from the keyboard instead.
  3. Regardless of what the script blocks you can use the Opera web browser which sensibly ignores any attempt to override access to the context menu.
  4. You can use a Disable No Right Click bookmarklet to disable the script.
  5. You can use a Disable Javascript bookmarklet to disabe Javascript temporarily on that one web page
  6. You can go into your browser settings and turn off Javascript.
  7. You can use the "view source" option from the "View" menu in the browser's menu bar. Some browsers will display the frameset for framed pages but others such as Opera allow you to choose whether to view the frameset or the current frame source.
  8. You can use one of the "Save" options from the "File" menu in the browser's menu bar to save a complete copy of the page to your hard drive.
  9. You can select all of the content of the web page and copy it via the clipboard into a document of your choice. This can be blocked in Internet Explorer but not in other browsers.
  10. You can use a screen capture option (such as the one available via the Print Screen button on your keyboard) to capture a complete image of what is on the screen.
  11. You can work out where the cache is on your computer that your browser downloads web pages to before displaying them. There will be a copy of all of the page content there.

The above list probably isn't complete but since some of these can't be blocked I haven't seen any need to look for more ways.

Slightly more sophisticated web authors will know of at least some of the above methods of getting around a No Right Click script and will instead turn to encrypting their page source in the mistaken belief that this will stop others from viewing it. They may even spend money to purchase a program to apply this encryption for them. Of course any encryption does not apply to images and so all of the above methods can be readily used to copy images from encrypted web pages.

If you really must encrypt your page (for a legitimate reason such as is discussed on the page Why Encrypt?) then save your money and use my HTML Source Encryptor to do it for you. My encryptor is at lease as effective as any other at blocking spam spiders and site rippers and no less effective than any other at hiding your page source.

The problem is that for the web page to be able to display in your visitor's web browser that browser must be able to decrypt the page. This means that any web page can be easily decrypted with nothing more than a web browser.

There are two quick ways that you can use a web browser to decrypt ANY encrypted web page source code in seconds.

  1. Provided that the web page does not have disabled and does not use frames you can use a View Source Bookmarklet to view the way that the web page looks after all of the Javascript code has been run. The script will not open if is disabled and will display the content of the last frame opened if a framset or iframe is used.
  2. You can use the "Save As" option in Netscape 7.0 to save the page. This particular browser version automatically decryypts the web page and saves the decrypted source for you. Of course it is possible to Disable the Netscape 7 Menu Bar but I have never seen any web page that does. Re-enabling the menu bar if it is disabled requires that a simple Javascript command be entered into the address bar.

Even if the person wanting the source can't get a copy of Netscape 7.0 they can still decrypt web pages without much difficulty using the DOM inspector in Mozilla or Firefox although this would take a bit longer then the 2 - 15 seconds required by all of the above methods.

The only part of a web page that is even slightly protected by encrypting the page are the Javascripts on the page since in order to get the decrypted javascript code you would need to identify what part of the Javascript is the decryptor and run the whole Javascript though that.

There is only one effective way to stop people viewing the source of your HTML and that is to not give them access to the code at all. You can do this by password protecting your site and not letting them know the password. A cheaper solution would be to not upload the pages to the web in the first place. Either of these will protect your source more effectively than a no right click script and you will be getting just as many visitors each day as you will with a no right click script once enough people have become annoyed at your attempt to block their legitimate use of their web browser.


This article written by Stephen Chapman, Felgall Pty Ltd.

go to top

FaceBook Follow
Twitter Follow