Viewed   72 times

Actually I'm developing a Chrome extension and a jQuery plugin to upload it and sell it on Codecanyon. When I "Inspect source" of the page and I click on the "Resources" tab, the javascript file looks empty. How does Codecanyon do that? I want to have file theft prevention in my own website too, but I don't know how to do it. I know php and javascript and there's no method to do it, because the browser downloads the file to execute it.

You can see the example here.



You can only try to make it less readable (through minifiaction and obfuscation), but the code is still tranferred and it can be reverse engineered.

The actual code in your example is downloaded with the jquery.js file.

Sunday, October 16, 2022

First, pick your favorite Javascript based Pretty Print/Beautifier. I prefer the one at, because it's what I found first. Downloads its file

Second, download and install The Mozilla group's Java based Javascript engine, Rhino. "Install" is a little bit misleading; Download the zip file, extract everything, place js.jar in your Java classpath (or Library/Java/Extensions on OS X). You can then run scripts with an invocation similar to this

java -cp js.jar name-of-script.js

Use the Pretty Print/Beautifier from step 1 to write a small shell script that will read in your javascript file and run it through the Pretty Print/Beautifier from step one. For example

//original code    
(function() { ... js_beautify code ... }());

//new code

Rhino gives javascript a few extra useful functions that don't necessarily make sense in a browser context, but do in a console context. The function print does what you'd expect, and prints out a string. The function readFile accepts a file path string as an argument and returns the contents of that file.

You'd invoke the above something like

java -cp js.jar beautify.js file-to-pp.js

You can mix and match Java and Javascript in your Rhino run scripts, so if you know a little Java it shouldn't be too hard to get this running with text-streams as well.

Saturday, December 24, 2022

If you don't want to use javascript, you can handle it via php. Take a look at this lib: And then you could do something like:

include 'Mobile_Detect.php';
$detect = new Mobile_Detect();

if ($detect->isMobile()) {
    header('Location: yourpage.php');
Friday, October 21, 2022

Cookies are not the way to transfer variables between client and server. you should append key/variables pairs to your request URL using either a get (querystring) or post method.

jQuery ajax example;

$.get('' + NewCookieValue);
Monday, October 31, 2022

As per Eric's suggestion, I solved it by checking the key myself. In the code I want to protect, I add the following call,

EnsureAssemblyIsSignedByMyCompany( Assembly.GetCallingAssembly() );

Then the implementation of that method is

  /// <summary>
  /// Ensures that the given assembly is signed by My Company or Microsoft.
  /// </summary>
  /// <param name="assembly"></param>
  private static void EnsureAssemblyIsSignedByMyCompany( Assembly assembly )
     if ( assembly == null )
        throw new ArgumentNullException( "assembly" );

     byte[] pubkey = assembly.GetName().GetPublicKeyToken();
     if ( pubkey.Length == 0 )
        throw new ArgumentException( "No public key token in assembly." );

     StringBuilder builder = new StringBuilder();
     foreach ( byte b in pubkey )
        builder.AppendFormat( "{0:x2}", b );
     string pkString = builder.ToString();
     if ( pkString != "b77a5c561934e089" /* Microsoft */ &&
          pkString != "abababababababab" /* Ivara */ )
        throw new ArgumentException( "Assembly is not signed by My Company or Microsoft. You do not have permission to call this code." );

** Names and keys changed to protect the innocent. Any likeness to real names or companies is merely a coincidence.*

Friday, December 9, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :