I’ve searched and searched the web for an answer to this question, but I’ve completely bombed out. I’m hoping that one of the legion of SD’ers can clue me in.
More and more I’m seeing web pages in which the options to View Page Source and View Page Info are greyed out, blocking easy access to the HTML. I would like to do this to some web pages I’ve designed.
I assume it’s done with a javascript.
Does anybody out there know how to accomplish this, or know where to point me to find out?
I don’t know the exact answer to the question, but i’m fairly certain that if the page hasn’t finished loading, those options will be grayed out. So either the page you’re looking at hasn’t finished loading, or like you said, there’s a script that’s fooling the browser into thinking it hasn’t finished… good luck.
Further to this: it’s pointless to try and stop people seeing the source. They can of course just save your page and view the source that way.
Basically, if someone can view the page, they can view the code (or their browser wouldn’t know how to display it!).
If you want a technique hidden, then do it server-side. But did you never learn anything useful by looking at a page source? Maybe time to share a little?
Have you tried saving the page offline to then check out the source code? Don’t know if that will help, but it’s worth a try IMO. Maybe even open it up in some WYSIWYG Web program.
There is no effective way to shut out code viewing. You can disable specific menu items using the window object with JavaScript, and you can disable right clicking for context menus, but I presume you already know all this.
Using IIS, you can try these techniques with IDocHostUIHandler’s ShowContextMenu method, but they would only work with IE.
In the end, people can always open your file from cache with Notepad!
If you want secure code, then write it server side, or use an embedded object or style sheet.
Can you give an example of a page which disables the View Source? I’ve never seen one, nor one that disables the Back button.
Some pages open their links in another browser window, and of course that window’s Back button will be disabled. I consider it impolite web page manners to open in another window, since this will confuse many people who for whatever reason think their browser window needs to be maximized to full screen. Especially when using inferior web browsers such as Netscape or Internet Explorer.
Hey, if Cecil can use sentence fragments, then I can too!
From: http://idm.internet.com/ix/msg/14652.html
Question:‘For security reasons, I don’t want users to be able to use the view source option in either the
drop-down menus or the right-click menu. I have found various scripts that disable the right click
menu, but that still leaves the drop-down menu.’
Answer:'very very difficult, because this is the utility provided by nescape and ie and other
browsers. if you wants to do that means you hae to disable the entire “menu bar”.
That will be in any of the Javascript text.
you could load up your page in a new window with no menu bar, tool bar etc., but the user can
still look in the cache an view the source. Another solution is to use Javascript to write out the
whole page and then use a scrambler to scramble your code. This can still be decoded but it will
be difficult.
[QUOTE]
*Originally posted by Libertarian * Sorry, but that won’t work. In VBScript, the Response object directs the Write method to the Document object.
Sorry, I should have been more clear in what I was writing. I believe that if you put the entire html page content into one variable, and then do a response.write(variablename), it will not print the html contents in source view.
If you can’t view the source, you can’t view the page in any browser. There is no way to hide the “source” (HTML content) of page transferred through HTTP. Try the following on any web site. Replace the “/index.html” in the “GET” line with any other file you want to retrieve, on that server, and modify the “Host:” header to fit the site you’re connecting to. The following is what you’ll see using Unix tools, adapt for the tools you’re using. Lines that begin with “>” are things you type (don’t include the “>”).
>telnet www.straightdope.com 80
Trying 63.97.40.3...
Connected to node3.chicagoreader.com.
Escape character is '^]'.
>GET /index.html HTTP/1.1
>Host: www.straightdope.com
>
There’s the source, and minus a few browser identification headers, that’s what your client sends to a web server when it needs a page. The server will always send back your HTML, for anyone with a tool as simple as telnet to read.
You can obfuscate your HTML (make it really hard to read by humans), but people can always run it through a pretty-printer and get it back as something readable. After all, the tags aren’t that hard, and the content is all text.
You can play tricks with client-side scripting to defer the final assembly of the page to some sort of programmatic evaluation (example: page contains JavaScript that has variable holding encoded page markup and a function to decode it, then view it in a frame). This usually isn’t any more secure than “rot13”, unless you spend a lot of time with your JavaScript cipher, and it’s pretty easily defeated by someone who can read your JavaScript.
If you’re trying to hide your HTML because it contains sensitive information, you should be using HTTPS. If you’re trying to hide your HTML because you don’t want your viewers learning your secrets, you should pick a medium other than HTML, and a transport other than HTTP, and publish there.
You can’t block the “View Source” option without hacking into your browser’s memory, which would be rather difficult to achieve seeing as how your OS is protecting said memory from things like that.
What is likely happening is that the page’s haven’t loaded fully. I know that in Netscape, you can’t view a page’s source until the page has finished loading (the stoplight has been grayed out). Try to stop the loading, then see if it’s greyed out.
Yes, I have never seen a web page where you could not see the source. But I have seen some that make it a nuisance by using frames and a lot of script. Eventually you can find your way to what you are looking for but it can be a PITA.
CurtC, I am not sure why you consider it impolite for a link to open a new browser window. I do it often and I do not understand why it would be impolite. You say it might confuse newbies? well, that is a weak argument. Anything new will confuse newbies. They will learn.
What I think should not be done (and I see relatively often) is open another website in one of your own frames