Return frontend script to client that can't be viewed by client's BROWSER
Also: Information on the latest update is here in the Update Section
Firstly the syntax would be something like callbackName=hide(callbackName,hiddenScriptReturner,optionalArray) where hide would be require('path/to/hide.js').hide
For each parameter used in the example, here are the descriptions
- callbackName: This is the function that would handle REQUESTS and RESPONSES(like http.createServer(callbackName) or app.all('*',callbackName))
- hiddenScriptToServe: This is the function that would return script(this return value can be a string or buffer) that will be run on the client side YET hidden from being seen from users on the client side. It takes in ONE argument, which is the REQUEST that the user sends(as in when a user enters a url or clicks a link)
- optionalArray: This is not a manditory parameter, but if you put it, it MUST be an ARRAY of STRINGS. This array would be for the client side global modules(like
Array.prototype.join) that your hidden code would be using. This measure exists because if NOT for it, it is EXTREMELY POSSIBLE for the user to overwrite the global function and then trace all that call it(and your hidden code can be traced and seen, even manipulated). As much as it isn't really possible to revert a global module back to its default state, BUT it is possible to accurately compare and prevent the page from running anymore if ANY checked global module is compromised(your code would STILL remain hidden)
You can:
- Click the Green Code Button to Download Zip then extract
OR - You can
git clone https://Y0ursTruly/HideJS.git
OR - You can
npm install hidejs
It uses a series/chain of request steps only the browser can follow(due to certain header protocols being ENFORCED so in this case, it means the client side user cannot imitate the sequence), thus, only the actual window would be able to follow the request/response chain to the end to get the HIDDEN CODE
CURRENT LIMITATIONS: As for now, this doesn't work on some browsers and, for the hidden script to load, you HAVE TO enable popups
Here is a Hide JS Example that is the live hosting version of cloning this repository and running requireExample.js with node
(like node path/to/requireExample.js)
You see, although I have an Express Example, it only works with app.all, I'd like to be able to change that so it's able to work with all the things that app gives(like get, post, etc)
You can contact me through my email
- Before,
hiddenScriptToServewas executed and given a completely separate REQUEST than the one the user initially puts(entering/clicking a url). Now,hiddenScriptToServeis executed and given the REQUEST the user puts(entering/clicking a url), then that value is stored until when it should be returned(which is an entirely separate request) - Now, the
hiddenScriptToServeparameter would be given the REQUEST that the user puts(when a user enters or clicks a url) instead of a separate REQUEST that is vaguely similar to the one the user actually put