-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
eval() breaks Chrome Extensions #65
Comments
Hi. |
I disabled those 3 settings, but there are still eval() calls in there, breaking the extension. I would suggest an additional setting specific to eval, and when that is unchecked, no evals would ever be used in the obfuscated code. Thank you. |
This is high priority for me now. |
Oh, i was wrong. Right now you should set to Currently So i should change way of getting global object. |
Thank you, sanex. With your latest instructions I disabled those few settings and was able to obfuscate all my code so that it doesn't break in the extension. BUT when I de-obfuscate the obfuscated code at http://jsnice.org/, it successfully re-constructs the code in a mostly-understandable fashion. Some things are still nicely opaque, but many things are now understandable. When I enable those other obfuscation settings, jsnice can't touch it, and things remain very obfuscated, but as it stands, it's too easy. Is there any way you can make the obfuscation more hard-core without resorting to eval()? And perhaps have a separate checkbox just for "use eval()" or etc? That would be super awesome. |
Did you use |
One other note: https://javascriptobfuscator.com/ (the paid tool) can do quite impressive obfuscation without using eval and thus without breaking chrome extensions. So I know this is possible. Thanks in advance for anything you can do. I love that yours is free. |
If you will use Also new |
Thanks! Here are the settings I used: http://www.zerogravpro.com/temp/obf_settings.png |
|
In 10-20 mins i will publish new beta release |
Please try new But be aware. Version on https://javascriptobfuscator.herokuapp.com/ will be changed only with stable release (currently panned in next one-two weeks). |
String Array does make the obfuscation MUCH stronger...but it uses eval() (on the website) and thus breaks my Chrome Extension. I am using the website version. I'm going to try javascript-obfuscator@0.10.0-beta.8. Are there instructions somewhere of what I need to install and how to make this work on my local windows PC? |
No. Why you can't use latest beta npm package? It has Node API and CLI. |
I did it all by command line. The obfuscation is awesome and the chrome extension works perfectly! Thanks so much for building an awesome tool and for helping me to get it working. THANKS! |
Nice! If here no problem anymore, please, close the issue and be prepared for stable release of 0.10.0 in next two weeks. |
Hello Great package! Is there a date on the version on https://javascriptobfuscator.herokuapp.com/ without eval? Also, it seems like, if you want to keep performance as fast as possible, you only recommend the compact |
Version without eval already on https://javascriptobfuscator.herokuapp.com/ |
I just tried out the obfuscator online here:
https://javascriptobfuscator.herokuapp.com/
...which I believe is based on this TS obfuscator. But after obfuscating the js files in my Chrome Extension, my extension breaks hard because eval() is illegal in some contexts of Chrome Extensions. This is a show-stopper for me, so I was wondering if there's some way to instruct the obfuscator to not ever use eval() in the obfuscation. It would be especially nice if you could tell me which setting(s) to avoid at javascriptobfuscator.herokuapp.com so I can retry there first. And then, how would I do the same thing in the downloaded TS app?
Thanks so much in advance, this seems like an awesome free tool.
The text was updated successfully, but these errors were encountered: