Protect your Javascript

Javascript has gone so long to be what it is today. jQuery pushes the bar to a much higher leave that change the landscape of the way we use the web. What ever happened to VBScript? While Javascript is meant to be free and for sharing, with the increasing use of ajax technology, Javascript is no longer snippets of code that power little decoration of your web page like the sliding news or blinking text, in fact a lot of times in the branding business the use of advance Javascript technology such as OOP can be a major player in the game. For one, Javascript works across platform (unlike Flash which is iDevices awarkard), further more, Javascript is a script language, no installation required, all your need to run it is an Internet browser.

While Javascript is more and more important to business as an intellectual property, there is no practical way to protect it from being read and download. Any one who knows how to view the source code of a web page can easily copy and paste the Javascript that comes with it. It's basically the same as html in that way. What we can do is to discourage by making it harder to understand.

Javascript minimizer

If you have done jQuery development, you know jQuery offers two version for download, regular and minimized. Minimized Javascript behave the same as its regular version, but with all whitespace and comments removed from the source code. Some Javascript minimizing tool optimize the source code to make it run more robustly, but they don't remove the human-readable nature from the script. Minimization makes the source code more difficult to read by serializing the code. Meanwhile many coding IDEs provide option to format serialized Javascript, or an experience Javascript developer with substantial amount of patience can restore the code with a simple notepad.

Obfuscation

Obfuscated code is machine code that has been made to difficult to understand for human. Obfuscated Javascript appears as a string of random symbols, and is delivered over the Internet that way. When the obfuscated code arrives, you browser has to understand it by deobfuscation. This process can be monitored in open source browsers such as Firefox, therefore there is no secret. In fact there is deobuscation tools for free on the Firefox add-ons website. Again the point is to discourage, there is no practical way to stop the code from being taken.

Protecting Javascript really comes down to the design of the app. Javascript as a front-end open source language should not handle any mission critical logic. For example, if you run a online taxing service, the formula that calculates the estimate tax refund should not be written in Javascript. This process should be handled by the server. Communicate to the front-end (the browsers) using XHR requests (Javascript + ajax) that are only passing state data back and forth.