can view source be disabled by a website? - language-agnostic

Is it possible I create a webpage that doesn't allow the website source to be displayed?

No.

From encrypt-html.com:
Almost all browsers provide a
convenient way to view the source code
of the currently opened page. We
regularly receive e-mails with the
same question - how to disable view
source command.
An html file can not enable or disable
the built in browser functionality in
most cases. It's not possible remove
the view-source command from the
browser menus or to make it
non-working. But if the source is
encrypted, what the user will see is
just a lot of garbage characters - not
your original code. So the view source
command is practically disabled for
each encrypted file.

No, you cannot hide the plain text HTML output of your web server.
How the HTML is generated is separate form the actual HTML that gets sent from the server.
This is the way the internet and world wide web were designed. If you are using a server-side scripted web application to generate your HTML, then your business intelligence / process / code is hidden, provided that people do not have access to browse the actual script file on your server.
If you would like to customize one of the open source browsers, like Firefox or Chrome, you could disable the "view source" functionality. It might be a worthwhile option for certain intranet or internal business applications. XUL and Firefox is one of the possibilities our company looked at to control what the end user could access. The only real security you have to keep your source secure is on the server side, as network / protocol monitors could still pull the HTML as it moves over the network.

You might use plugin based content, like a java applet, Flash, etc., to somewhat "hide" the real content. Of course, as eventually it will be displayed on screen, there is nothing to prevent a determined user to reverse engineer your page.

Here is an example of a site with "view source code" disabled in any browser: http://www.transelectrica.ro/StareSistem/protocoale/starea_sistemului.php The question is: HOW THEY DID IT?

i have use block methode disable right click but still can view source on chrome using metode tipe to address bar view-source:example.com
disable right click
<script type='text/javascript'>
function disableSelection(target){
if (typeof target.onselectstart!="undefined") //IE route
target.onselectstart=function(){return false}
else if (typeof target.style.MozUserSelect!="undefined") //Firefox route
target.style.MozUserSelect="none"
else //All other route (ie: Opera)
target.onmousedown=function(){return false}
target.style.cursor = "default"
}
</script>
<body oncontextmenu='return false;'>
<script type='text/javascript'>
disableSelection(document.body);

Related

Saving static HTML page generated with ReactJS

Background:
I need to allow users to create web pages for various products, with each page having a standard overall appearance. So basically, I will have a template, and based on the input data I need the HTML page to be generated for each product. The input data will be submitted via a web form, following which the data should be merged with the template to produce the output.
I initially considered using a pure templating approach such as Nunjucks, but moved to ReactJS as I have prior experience with the latter.
Problem:
Once I display the output page (by adding the user input to the template file with placeholders), I am getting the desired output page displayed in the browser. But how can I now obtain the HTML code for this specific page?
When I tried to view the source code of the page, I see the contents of 'public/index.html' stating:
This HTML file is a template.
If you open it directly in the browser, you will see an empty page.
Expectedly, the same happens when I try to save (Save As...) the html page via the browser. I understand why the above happens.
But I cannot find a solution to my requirement. Can anyone tell me how I can download/save the static source code for the output page displayed on the browser.
I have read possible solutions such as installing 'React/Redux Development Extension' etc... but these would not work as a solution for external users (who cannot be expected to install these extensions to use my tool). I need a way to do this on production environment.
p.s. Having read the "background" info of my task, do let me know if you can think of any better ways of approaching this.
Edit note:
My app is currently actually just a single page, that accepts user data via a form and displays the output (in a full screen dialog). I don't wish to have these output pages 'published' on the website, and these are simply to be saved/downloaded for internal use. So simply being able to get the "source code" for the dislayed view/page on the browser and saving this to a file would solve my problem. But I am not sure if there is a way to do this?
Its recommended that you use a well-known site generator such as Gatsby or Next for your static sites since "npx create-react-app my-app" is for single page apps.
(ref: https://reactjs.org/docs/create-a-new-react-app.html#recommended-toolchains)
If I'm understanding correctly, you need to generate a new page link for each user. Each of your users will have their own link (http/https) to share with their users.
For example, a scheduling tool will need each user to create their own "booking page", which is a generated link (could be on your domain --> www.yourdomain.com/bookinguser1).
You'll need user profiles to store each user's custom page, a database, and such. If you're not comfortable, I'll use something like an e-commerce tool that will do it for you.
You can turn on the debugger (f12) and go to "Elements"
Then right-click on the HTML tag and press edit as HTML
And then copy everything (ctrl + a)

Get generated source of an HTML page programmatically

What is the easiest way to get the generated web page of a website programatically in any programming language?
The generated web page that is required is the one you get if you go to a web page in firefox and press Ctrl-a and then right click and press "View Selection Source".
The one way that comes to mind is to understand the chromium open source web browser code and get the rendered page and use it in our service.
But I believe that there may be another solution out there that I am not aware of.
In javascript, you can get the full document content with
var html = document.documentElement.innerHTML;
If you want to do this server side you can use file_get_contents()
Ex:
file_get_contents(path_to_webpage);
For reference:
http://php.net/manual/en/function.file-get-contents.php
https://www.w3schools.com/php/func_filesystem_file_get_contents.asp

HTML5 - Do users get to see all my client code?

If I am building an HTML5 web app.. And all the rendering, UI events, etc are handled on the client, then the client gets to see the source code correct?
I am working on an enterprise HTML5 application but Id like the source code to be hidden. Are there any options?
Is it also possible to somehow hide UI graphic elements (buttons, backgrounds, sounds, etc?)
What are the options here?
Thank you
My ready answer is No : your javascript code as well as links to jQuery UI code is visible on the client's asking to "view the source".
The question is : Is it possible for your code to be applied/run by the client's browser without being shown as "source?"Is there a way :- to prevent the client from seeing the "source"; or - to destroy the incoming code as soon as it has been run and displayed once?
The second eventuality seems excluded unless there are no further javascript actions on the client's side(?)
Danquest
Quick answer: No.
Why? Well, your browser (the client) effectively downloads assets like HTML, JS and CSS (along with images and other media objects), to render on the users machine.
Because all client code is downloaded to the client, the user can essentially do with the client code, whatever they wish to.
Server side code does not get to the client, because it is processed on the server, which then produces client translatable output...again, HTML etc. You only see the end result, with the source that produced it locked away on your guarded server.
Your best bet, is to simply minify and compress your JS assets. This won't do much against a savvy developer, but it may be off-putting to the casual thief.
In any case, theft is theft and if your code is found to be used by someone else's company, I guess you have a case to file a lawsuit against them...even though in a way, it's public code.
Make sure you put a license statement with all of your code, so that you're legally covered.

Web browser integration

I need to create a software solution, that will use browser capabilities to perform some tasks.
More specific, i will need to do the following:
Load some page (by URL)
Analyse generated content (DOM), i need to access dynamically generated page, not just initial HTML document
Do a screenshot of some region of the page and save it to a file
What is the best way to do this?
What existing browser would allow me to do this and how exactly? Generally i prefer Google Chrome or Mozilla Firefox.
You can do that using casperjs
It will allow you to load a webpage, then capture any area and save it to a file.
It allow also to play with DOM
You can create a Google Chrome extension to do that.
1.In the extension, you can load page or add listener to observer the tab activities.
2.You can execute scripts on the page loaded,even use jQuery to Analyse the dom.
3.You can use chrome.tabs.captureVisibleTab function to take a screenshot,And then use canvas to handle the screenshot image.
more details about Chrome extension develop:https://developer.chrome.com/extensions/getstarted.html

How to access input fields in a page from a Chrome extension?

I am trying to make a Chrome extension for personal use that makes all the password fields type="text", so I can see the clear passwords. (I know that I can probably find something like this in the Chrome store, but it's something I want to do myself).
I am however having a hard time accessing the actual page content (the page I'm viewing in the tab). If I do
document.getElementById('text')
this selects the element from background.html not the page I'm viewing. How can I access the actual page?
Also, is there a way I can include an external javascript file so I can use functions from there?
You would need to use content script - javascript file injected into an actual page with access to DOM and events.