Comments on: Decoding obfuscated Javascript

By: Cd-MaN

Cd-MaN — Mon, 06 Apr 2009 09:26:14 +0000

As a rule of thumb I don’t recommend solutions like obfuscators, because (in my opinion) if somebody wants to steal your software, s/he will and s/he won’t pay for it (ie. the percent of people who you can “force” to pay by using protection schemes is very, very low).

This said, I would start with a javascript minimization program, like the YUI compressor: http://www.julienlecomte.net/yuicompressor/

It will make your code load faster and make it difficult enough reading it to make the occasional inspection hard.

By: Anil Philip

Anil Philip — Mon, 06 Apr 2009 09:18:05 +0000

I need to obfuscate my Javascript code which took me a long time to write and a lot of effort. Can you please recommend a free product that will do this?

By: Cd-MaN

Cd-MaN — Fri, 23 Feb 2007 20:02:07 +0000

It is always a game of economics. Spammers will go after the "low hanging fruit" (that is addresses which can be found simply by searching through the page) until a sizable amount of people start using javascript "encoding".

Also, most of these techniques either rely on manual decoding (which isn't done by spammers because spam is a number game because you have to get very large quantities of emails out to get some response) or are too limited for them to bypass more than just the very basic javascript encoders.

In conclusion: by using javascript encoders you will be safe for a very long time. Also, you can always use a contact form which is an other nice way to avoid spam resulting from harvesters. Me? I just put out my address as many places I can to see what interesting spam is out there, but I have to say that Yahoo does a pretty decent job of eliminating it.

By: Anonymous

Anonymous — Fri, 23 Feb 2007 19:54:45 +0000

damnit, I hope spammers don’t get a hold of these techniques. How else will I obfuscate my email address?