Actually I'm developing a Chrome extension and a jQuery plugin to upload it and sell it on Codecanyon. When I "Inspect source" of the page and I click on the "Resources" tab, the javascript file looks empty. How does Codecanyon do that? I want to have file theft prevention in my own website too, but I don't know how to do it. I know php and javascript and there's no method to do it, because the browser downloads the file to execute it.
You can see the example here.
First, pick your favorite Javascript based Pretty Print/Beautifier. I prefer the one at http://jsbeautifier.org/, because it's what I found first. Downloads its file https://github.com/beautify-web/js-beautify/blob/master/js/lib/beautify.js
Second, download and install The Mozilla group's Java based Javascript engine, Rhino. "Install" is a little bit misleading; Download the zip file, extract everything, place js.jar in your Java classpath (or Library/Java/Extensions on OS X). You can then run scripts with an invocation similar to this
java -cp js.jar org.mozilla.javascript.tools.shell.Main name-of-script.js
Use the Pretty Print/Beautifier from step 1 to write a small shell script that will read in your javascript file and run it through the Pretty Print/Beautifier from step one. For example
//original code
(function() { ... js_beautify code ... }());
//new code
print(global.js_beautify(readFile(arguments[0])));
Rhino gives javascript a few extra useful functions that don't necessarily make sense in a browser context, but do in a console context. The function print does what you'd expect, and prints out a string. The function readFile accepts a file path string as an argument and returns the contents of that file.
You'd invoke the above something like
java -cp js.jar org.mozilla.javascript.tools.shell.Main beautify.js file-to-pp.js
You can mix and match Java and Javascript in your Rhino run scripts, so if you know a little Java it shouldn't be too hard to get this running with text-streams as well.
If you don't want to use javascript, you can handle it via php. Take a look at this lib: http://code.google.com/p/php-mobile-detect/. And then you could do something like:
<?php
include 'Mobile_Detect.php';
$detect = new Mobile_Detect();
if ($detect->isMobile()) {
header('Location: yourpage.php');
exit(0);
}
Cookies are not the way to transfer variables between client and server. you should append key/variables pairs to your request URL using either a get (querystring) or post method.
jQuery ajax example;
$.get('http://www.myphpserver.com/script.php?row_id=' + NewCookieValue);
As per Eric's suggestion, I solved it by checking the key myself. In the code I want to protect, I add the following call,
EnsureAssemblyIsSignedByMyCompany( Assembly.GetCallingAssembly() );
Then the implementation of that method is
/// <summary>
/// Ensures that the given assembly is signed by My Company or Microsoft.
/// </summary>
/// <param name="assembly"></param>
private static void EnsureAssemblyIsSignedByMyCompany( Assembly assembly )
{
if ( assembly == null )
throw new ArgumentNullException( "assembly" );
byte[] pubkey = assembly.GetName().GetPublicKeyToken();
if ( pubkey.Length == 0 )
throw new ArgumentException( "No public key token in assembly." );
StringBuilder builder = new StringBuilder();
foreach ( byte b in pubkey )
{
builder.AppendFormat( "{0:x2}", b );
}
string pkString = builder.ToString();
if ( pkString != "b77a5c561934e089" /* Microsoft */ &&
pkString != "abababababababab" /* Ivara */ )
{
throw new ArgumentException( "Assembly is not signed by My Company or Microsoft. You do not have permission to call this code." );
}
}
** Names and keys changed to protect the innocent. Any likeness to real names or companies is merely a coincidence.*
You can only try to make it less readable (through minifiaction and obfuscation), but the code is still tranferred and it can be reverse engineered.
The actual code in your example is downloaded with the jquery.js file.