Protect image download - html

I know the best way to protect image download is not putting it on internet in the first place.
I assume there is no 100% protection against image download and that if a user can see an image on internet he can with a bit of experience find access to download it.
I am aware of transparent .gif or .png covering the images or using background_image CSS property to protect it and prevent right click download but are there
other ways to complicate image download and therefore prevent image download by most users?
Here is simple code to start with :
<img src="http://placekitten.com/600/450">

Another way to remove the "save image" context menu is to use
some CSS. This also leaves the rest of the context-menu intact.
img {
pointer-events: none;
}
It makes all img elements non-reactive to any mouse events such as dragging, hovering, clicking etc.
See spec for more info.
In reactjs project, avobe code put in global CSS (index.css)

No there actually is no way to prevent a user from doing a particular task. But you can always take measures! The image sharing websites have a huge team of developers working day and night to create such an algorithm where you prevent user from saving the image files.
First way
Try this:
$('img').mousedown(function (e) {
if(e.button == 2) { // right click
return false; // do nothing!
}
});
So the user won't be able to click on the Save Image As... option from the menu and in turn he won't get a chance to save the image.
Second way
Other way is to use background-image. This way, the user won't be able to right click and Save the Image As... But he can still see the resources in the Inspector.
Third way
Even I am new to this one, few days ago I was surfing Flickr when I tried to right click, it did not let me do a thing. Which in turn was the first method that I provided you with. Then I tried to go and see the inspector, there I found nothing. Why? Since they were using background-image and at the same time they were using data:imagesource as its location.
Which was amazing for me too. You can precvent user from saving image files this way easily.
It is known as Data URI Scheme: http://en.wikipedia.org/wiki/Data_URI_scheme
Note
Please remember brother, when you're letting a user surf your website you're giving him READ permissions on the server side so he can read all the files without any problem. The same is the issue with image files. He can read the image files, and then he can easily save them. He downloads the images on the first place when he is surfing your website. So there is not an issue for him to save them on his disk.

If it is only image then JavaScript is not really necessary. Try using this in your html file :
<img src="sample-img-15.jpg" alt="#" height="24" width="100" onContextMenu="return false;" />

There is no way to protect image downloading. This is because the image has to be downloaded by the browser for it to be seen by the user. There are tricks (like the transparent background you specified) to restrict certain operations like image right click and saving to browser cache folder, but there isn't a way for truly protecting the images.

1. Disable the Right Click on all Images
let allImages = document.querySelectorAll("img");
allImages.forEach((value)=>{
value.oncontextmenu = (e)=>{
e.preventDefault();
}
})
2. Disable the Pointer Event Using CSS
img{
pointer-events: none;
}
3. Put a transparent overlay over all the Images
<div class="imageContainer">
<div class="overlayDiv"></div>
<img src="Image.jpg" alt="Image">
</div>
And some CSS like this
.imageContainer{
position: relative;
}
img{
position: absolute;
width: 100%;
height: auto;
top: 0px;
left: 0px;
}
.overlayDiv{
position: absolute;
width: 100%;
height: auto;
top: 0px;
left: 0px;
background-color: transparent;
z-index: 2;
}
4. Put your Image as a Background Image
div{
background-image: url(Image.jpg);
background-size: cover;
}
These methods will only work on normal users because they most probably don't know about the inspector or how to check source code.
But a web developer can easily download these files, there is no such way you can disable the inspector completely.
At the end i would like to add few words.
Technically, Now think about this you are sending a Image from your server to another computer over HTTP, and you are at the same time trying to prevent it, it doesn't make any sense.....
you should always assume that anything that enters the machine of the user can be retrieved back now or later, no matter how hard you try, to hide it with encryption or maybe like youtube, sending the thing in chunks, and collecting them in browser.
getting the image ultimately is hard for a common user but not for people with a lot of technical background, maybe they are intercepting the entire network on Operating System Level, how you gonna stop them there.

As some people already said that it is not possible to prevent people to download your pictures, a trick could be something like this:
$(document).ready(function()
{
$('img').bind('contextmenu', function(e){
return false;
});
});
This trick prevents from the right click on all img. Obviously people can open the source code and download the images using links in your source code.

There is no full-proof method to prevent your images being downloaded/stolen.
But, some solutions like: watermarking your images(from client side or server side), implement a background image, disable/prevent right clicks, slice images into small pieces and then present as a complete image to browser, you can also use flash to show images.
Personally, recommended methods are: Watermarking and flash. But it is a difficult and almost impossible mission to accomplish. As long as user is able to "see" that image, means they take "screenshot" to steal the image.

Here are a few ways to protect the images on your website.
1. Put a transparent layer or a low opaque mask over image
Usually source of the image is open to public on each webpage. So the real image is beneath this mask and become unreachable. Make sure that the mask image should be the same size as the original image.
<body>
<div style="background-image: url(real_background_image.jpg);">
<img src="transparent_image.gif" style="height:300px;width:250px" />
</div>
</body>
2. Break the image into small units using script
Super simple image tiles script is used to do this operation. The script will break the real image into pieces and hide the real image as watermarked. This is a very useful and effective method for protecting images but it will increase the request to server to load each image tiles.

First realise that you will never be able to completely stop an image being downloaded because if the user is viewing the image they have already downloaded it (temporarily) on their browser.
Also bear in mind the majority of users will probably not be web developers but they may still examine the source code.
I really discourage disabling right click, this can be extremely frustrating for the end user and is not safe anyway since the image can still be dragged into a new window and downloaded.
I would suggest the method used by CampSafari i.e.
img {
pointer-events: none;
}
but with an improvement:
So first lets remove the url of your image and add an id attributes to it. Like so:
<img id="cutekitten">
Next we need to add some JavaScript to actually show the image. Keep this well away from the <img> tag you are trying to protect:
document.getElementById("cutekitten").src = "http://placekitten.com/600/450";
Now we need to use the CSS:
#cutekitten {
pointer-events: none;
}
The image cannot be dragged into a new window as well downloaded via right click.
JSFiddle
Yet another method you could use is the embed tag:
<embed src="http://placekitten.com/600/450"></embed>
This will prevent the right click.

I know this question is quite old, but I have not seen this solution here before:
If you rewrite the <body> tag to.
<body oncontextmenu="return false;">
you can prevent the right click without using "real" javascript.
However, you can't prevent keyboard shortcuts with HTML. For this, you must use Javascript.

As other answers said, if you can see it you can copy/download it.
To add up to the other answers, just for your information, you can add invisible or tricky watermarks to your images:
http://www.cgrats.com/create-an-invisible-watermark-in-photoshop.html (just an example, there are more techniques, just google for invisible watermarks)
Anyway if you want to prove the ownership of your image a good way is to have a bigger resolution copy for yourself, and always publish a lower resolution / size one. Or publish it also on a "public" media like ... deviantart or flickr or something where people can't change the upload date. This way you can prove you had that image before anybody else

Try this one-
<script>
(function($){
$(document).on('contextmenu', 'img', function() {
return false;
})
})(jQuery);
</script>

This is working form me: content: url('https://myimage.png'); in the style or css class. Than you cant right click and save the image.
img.my-image-class{
content: url('https://myimage.png');
}
You can also convert the image to base64 and put it like bellow. So if yo want to download the image you need to use developer tools, than find the class, than copy the base64 which can be long if the image is big and than you need to decode this base64 and you will have the image. So its still possible to download the image. Even if it was not possible users can make screenshots of the image on the webpage and cut it in paint or use cutting tools.
img.my-image-class{
content: url(data:image/gif;base64,...img base64.....);
}
Convert IMG to Base64: https://www.base64-image.de/
Decode Base64: https://codebeautify.org/base64-to-image-converter
Reference: How to reuse base64 image repeatedly in HTML file

It's pretty much all about how much work the "thief" is willing to put into stealing the image.
You can possible deter a lot of lazy ones by just disabling the right-click menu, creating overlays, using it as background-image, ... But anyone with limited IT skills can go into the Developer Tools, under "Network", and is able to see and copy any images that have been downloaded to the browser.
These solutions also come with some downsides. Using "background-image" will possibly prevent Google from indexing your image. No context menu can prevent the user from using other options in the context menu which can be quite annoying.
The best - and basically only - solution, is to cut the image up into small pieces server-side, and put them back together with some custom javascript. For extra protection you can store some kind of "map" along with the image, with directions on how the image should go back together. This way it's not clear to the thief how all the different downloaded tiles should fit together.
Of course anyone can always take a screenshot. But I assume you are more worried about people downloading a full size and high quality image, instead of just having a low-res screenshot version.

As we know there is no proper method to avoid image theft. But we can reduce it for some extent. We can avoid those people who are not geek in computers to download the image as well as your code.
Here are some JQuery tricks we should include in our site to reduce image theft
Disable right click
Disable Ctrl+ combination (ex Ctrl+s,Ctrl+u) [Better to disable Ctrl key ]
But user can also download the web page using developer tools in Firefox. We don't have solution for this because this will be on the client side and is provided by the user's browser.
You can find the code for all the above listed on stack overflow

this code will disable Right-Click on Win or Click and hold on mac to open "contextmenu"
$("img").on("contextmenu",function(e){return false;});
It's so simple and always works fine.
and it's not depends on OS or Browser that you're using.

I used the below code in global CSS (index.css) in ReactJS. It's working correctly. You can also try. Thanks.
img{
pointer-events: none;
}

Related

how to fast convert bootstrap button into png image file?

that I would like to say, there is a good (or maybe not) bootstrap framework that can generate buttons with simple code.
I really like how these buttons look, and I want to use them in another software, but for this I need them in PNG format.
Why is not satisfied with the option "manually" - the buttons need a lot and not always needed, but when needed - they need fast, do not really want to spend a lot of time creating buttons ...
Current process:
Open page (for example https://www.tutorialrepublic.com/twitter-bootstrap-button-generator.hhp) to set the necessary parameters (button name, size, type, color, icon ...)
Copy the whole screen to the buffer
Insert a screenshot from the buffer into an image editor
Make necessary cropping of this picture, leave only the image of the button itself
Save the result in png format
Use the image in your application.
That I would like to receive:
Open (no difference - internet page, any software, etc...)
Specify the required parameters (button text, size, color, icon)
Press the button - save to PNG, without loss of quality.
Use the image in your application
Maybe someone already solved a similar problem and translated it into a semi-automatic mode, share the implementation.
I use Win10 at workstation
The easiest way would be to manually crop them by Snipping Tool. This works great if you have just a few buttons.
But if you want to take them automatically, I think you can use an python/opencv script to idendify buttons, crop and save them.
Ok, solution found - ShareX (https://getsharex.com/) software with 1 hotkey (ctrl + printscreen) - open crop dialog with zoom, after crop - makes the png-file automatic

Overlay one iframe on top of another, scroll them together

Following up on How to rewrite URLs referenced by Javascript code? I'd like to overlay a button on top of someone else's website (e.g. overlay a Paypal button alongside Stackoverflow's bounty button) and have the two <iframe>s scroll together. The button would reside in the top layer. The website would reside in the bottom layer.
I understand that transparent <iframe>s were/are abused for clickjacking but the browser security mechanism seems to block legitimate use-cases. In my case the user is seeing the same button he/she is clicking. It's even possible that this is a browser bug.
Here is what I see under Chrome:
The top <iframe> intercepts all mouse clicks, even for areas that do not contain any components. Meaning, users cannot interact with the bottom layer at all.
If I style the top <iframe> with pointer-events: none the opposite problem occurs: users are able to see the top layer but all mouse clicks go to the bottom layer. Applying pointer-events: auto to child components does not help (clicks still pass through to the bottom layer).
If I size and position the top <iframe> so its area is equal precisely to the button I am trying to overlay, then mouse clicks go to the right layer but the top layer fails to scroll alongside the bottom layer. Meaning, the button always remains in the same absolute position as the bottom layer scrolls.
Is it possible for me to position a button in the top layer so that it always aligns with a certain position in the bottom layer? In the example where I position a Paypal button alongside the Stackoverflow bounty, I expect the Paypal button to scroll off the page as the user scrolls down the question.
https://stackoverflow.com/a/4087397/14731 leads me to believe this is not possible. Is there another way to implement this?
UPDATE: Here is a jsfiddle for you to play with. The test button is found to the right of "NEWS & VIEWS" in the middle of the page.
Update: New approach
Following discussion with Gili below, the requirement for the solution to work across multiple pages made me rethink my solution.
The new approach:
Doesn't require any code changes or specific features on the target site.
Works on every page while the user navigates (as long as they stay on the same domain)
Could be tweaked to inject any HTML/JS into any DOM element within any target page
My solution works as follows:
Send the person you want to demonstrate Widget X to an email with a link to your instructions page
That instructions page contains a bookmarklet which they add to their bookmarks bar
They visit their own site and click your bookmarklet
Your bookmarklet injects javascript into their page
That javascript creates a pop-up window with content that appears to belong to the target domain, since that domain generated the popup
That pop-up window then monitors the DOM on the target browser window (window.opener) and injects our arbitrary HTML whenever the current page doesn't contain our target node ID.
It seems to work well in my testing (perfect in Chrome, haven't tested across all browsers yet) and seems to work on every target site from StackOverflow to Twitter.
Live demo here: How to demo an web widget on a third party site without having access to their code
Sample code below, expanded for readability:
s = "<script type='text/javascript'>setInterval(function() { if(!window.opener.document.getElementById('gctrlPixelator')) {var i=document.createElement('IMG');i.src='//lorempixel.com/400/200/';i.id='gctrlPixelator';i.style.cssText='top:20;right:20;position:absolute;z-index: 9999;';window.opener.document.getElementsByTagName('body')[0].appendChild(i);}},500);</script>";
t = "<div style='text-align: center; font-family: Arial, Helvetica;'><h1 style='font-size: 18px;'>Demo running!</h1> Keep this window open and return to the main site window to continue the demo.</div>";
w = window.open('','name','height=200,width=400');
w.document.write(s);
w.document.write(t);
The above should be converted into a bookmarklet before deploying to an 'instructions' landing page for a potential client.
Original solution
First, sorry for posting this as an answer rather than as a comment. I've been thinking about this for half an hour, and only just realised I need 50 reputation to comment. So, apologies, but I wanted to share...
I agree that it's unlikely there is a cross browser way to do this double iframe trick. I read your other question about javascript URL rewriting and it lead me to an idea: Rather than trying to embed/hijack their site on another URL, how about creating a bookmarklet that allows you to inject your Javascript into their page?
It could work like this:
Direct them to your site where you host the custom bookmarklet link. Ask them to add it to their favorites.
Ask them to go to their own site, then click your bookmarklet in their bookmarks.
This would inject your JS into their page, allowing you to edit the DOM any way you wanted (e.g. changing styles, adding DOM elements, etc.)
Code something like this, converted to a bookmarklet (i.e. wrapped in a function with a javascript: at the start) could do the trick...
var script = document.createElement("script");
script.setAttribute("type", "text/javascript");
script.setAttribute("src", "http://www.example.com/file.js");
document.getElementsByTagName("head")[0].appendChild(script);
I've tested that in Chrome and it seems happy to load the JS cross-domain. The only rule seems to be that the protocols must match (http or https).
Not quite what you asked for, but a possible solution.

Hiding all fixed-position elements

I'm sick of webpages that show a fixed element that always follow you on the screen, and sometimes partially block the view of the page. (Example.) I want to make a custom CSS rule to add to Chrome that would set display: none; to all elements that have position: fixed;
Is this possible? How?
IMO, the easiest way to create what you want is to make a bookmarklet to hide all fixed elements. It won't run automatically on every page, but you can click on it whenever something's annoying you.
I used Ben Alman's jQuery bookmarklet generator with a filter from this existing Stack Overflow question.
$('*').filter(function() {
return $(this).css("position") === 'fixed';
}).hide();
I minified the code, generated the bookmarklet, then dragged the bookmarklet to my toolbar and, bam, instant tool.
If you really want this to run automatically on every page, you could check out TamperMonkey and use the same script.

Chrome Extension - Don't load certain parts of a webpage

A recurring problem with modern web design can be summed up as "too much sh** all over the place". There're two problems with this: one, it takes up memory and takes longer to load, and two, it visually clutters the webpage.
If I just wanted to solve the second problem, I wouldn't need help. JavaScript can delete DOM nodes and CSS can hide them, so there're already a few visible ways to simply hide parts of a webpage. What I want to do is solve the first problem - make a webpage load faster by not loading certain elements.
I'm pretty sure it's impossible to selectively download certain parts of an HTML file. But once the source is downloaded, the browser doesn't have to actually parse and display all of it, does it?
Of course, if this is done after it's already been parsed and displayed, it would be pointless. So I need a way to tell Chrome what to do before it begins parsing the HTML. Is this possible, and do you think it would significantly reduce load time/memory usage?
Yeah, unfortunately Ive never seen a way of changing the html before Chrome renders it.
But as far as blocking things that that page gets to display then Id recommend just using AdBlock https://chrome.google.com/webstore/detail/gighmmpiobklfepjocnamgkkbiglidom
AdBlock can be used to stop resources (js,images,css,xmlhttprequest) from ever being downloaded (it blocks them in the background using the webRequest api) and can also hide elements using css...its rather effective (just remember to select advanced options in its option page and then when you click the AdBlock button you get "Show the resource list"). Also installing Flashblock can help...or disable plugins in Chromes settings, doing this will make them not load but will still show on the page and then you can make them load.
Totally possible! Meet the newest Chrome API: webRequest, finalized in the current version of Chrome - 17.
Docs for webRequest: http://code.google.com/chrome/extensions/webRequest.html#event-onBeforeRequest
I'm trying to think of a solid way to do this... one suggestion I have is using the 'sub_frame' filter, and watching if it's a like/tweet/social button url
You could also block known analytics stuff... and the list goes on! Have fun! Do you have an email list I can sub to for when you launch? If not, get one and drop me a comment!
(From the comments, here is how a innerHTML hack could work)
//This modLoop constantly peers into and modifies the innerHTML in attempt to modify the html before it's fully processed.
var modLoop = function modLoop(){
var html = document.documentElement.innerHTML
//modify the page html before it's processed!
//like: html = html.replace('//google'sCDN.com/jquery/1.7.1/', chrome.extension.getURL('localjQuery.1.7.1.js'));
//I just pulled that ^ out of nowhere, you'll want to put careful thought into it.
//Then, mod the innerHTML:
document.documentElement.innerHTML = html;
setTimeout(modLoop, 1);
};
var starter = function starter(){
if (document.documentElement.innerHTML && document.documentElement.innerHTML.lengh > 0) {
modLoop();
} else {
setTimeout(starter, 1);
}
};
starter();

Remove default image before image load

Hey, so I am not looking to do anything along the lines of a pre-loader, I just want to know how to keep the browser from displaying this image:
Before the image loads.
Thanks!
it all depends on the browser and the speed of the user's connection.
You can always use a javascript preloader to stop an image from displaying until it is fully loaded on the users computer
try this jquery preloader
:-D