Thursday, June 9th, 2005

Microsoft Script Encoder

Category: JavaScript, Utility

One common issue wrt JavaScript on the web, is the fact that some people don’t feel comfortable sharing their application in source code format. You can obfuscate your code, but it isn’t too hard to reverse engineer that.

Microsoft has offered a free download, Script Encoder, that encrypts the source code and gives you an output encoded version.

So it converts between…

Non-Encoded Version

<HTML>
<HEAD>
<TITLE>Script Encoder Sample Page</TITLE>
<SCRIPT LANGUAGE="JScript">
<!--//
//Copyright© 1998 Microsoft Corporation. All Rights Reserved.
//**Start Encode**
function verifyCorrectBrowser(){
  if(navigator.appName == "Microsoft Internet Explorer")
    if (navigator.appVersion.indexOf ("5.") >= 0)
      return(true);
    else
      return(false);
}
function getAppropriatePage(){
  var str1 = "Had this been an actual Web site, a page compatible with ";
  var str2 = "browsers other than ";
  var str3 = "Microsoft Internet Explorer 5.0 ";
  var str4 = "would have been loaded.";
  if (verifyCorrectBrowser())
    document.write(str1 + str3 + str4);
  else
    document.write(str1 + str2 + str3 + str4);
}
//-->
</SCRIPT>
</HEAD>
<BODY onload="getAppropriatePage()">
</BODY>
</HTML>

Encoded Version

<HTML>
<HEAD>
<TITLE>Script Encoder Sample Page</TITLE>
<SCRIPT LANGUAGE="JScript.Encode">
<!--//
//Copyright© 1998 Microsoft Corporation. All Rights Reserved.
//**Start Encode**#@~^QwIAAA==@#@&0;mDkWP7nDb0zZKD.n1YAMGhk+Dvb`@#@&P,kW`UC7kLlDGDcl22gl:n~{'~Jtr1DGkW6YP&xDnD+OPA62sKD+ME#@#@&P,~~k6PvxC\rLmYGDcCwa.n.kkWU bx[+X66Pcr*cJ#,@*{~!*P~P,P~.YEMU`DDEbIP,P,+s/n@#@&P~P,~PM+O;Mx`WC^/n#pN6EU1YbWx,oObaw.WaDrCD+nmL+v#@#@&~P7lMPdY.q,'~J_CN,Y4rkP4nnPCx,C1Y;mV,+(PkrY~~l,wCLPmKhwmYk(snPSkDt~JI@#@&P~\m.PkY.+,'PE8MWA/.kPGDtDPDtmUPri@#@&,P-CMP/D.&,'Pr\rmMWkWWY~(YnDnY,2a2^WDn.,* !,Ep@#@&,P7lD,/D.c,'~JSW;s9Ptm-+,4+U~VKl9+[REI,Pr0,c\DrWHZW..mOAMGS/nM`*#@#@&P,~P9W^Es+UOchDbO+v/YMq~_,/DDfPQ~kY.c*IP,+sd@#@&~~,P[W1;s+UDRSDkD+vdYMF~_,/O.yP_,dYM&P3~dYMc*iNz&R @*^#~@
//-->
</SCRIPT>
</HEAD>
<BODY onload="getAppropriatePage()">
</BODY>
</HTML>

Unfortuntely, only IE supports JScript.Encode, which makes it tough to deploy this solution.

Maybe ECMA could standardize a compiled version of JavaScript. JScript.NET compiles its JavaScript anyway….

Of course, there are many people that think the way of the web is to allow View Source, and will hate this idea.

Posted by Dion Almaer at 9:34 am
4 Comments

+++--
3.1 rating from 7 votes

4 Comments »

Comments feed

Two really important things to know about this facility in advance:

(1) This is not a compressed encoding, so don’t hope for it to save you any size or parsing time (it’s just a simple re-encoding of the source text).

(2) The encoding is very easy to reverse, so it doesn’t really hide your source in any useful way (a quick Googling will give you several ways to decode these script blocks.

As far as I can tell, Microsoft really dropped the ball on this misfeature. It’s non-standard, which would be forgivable if it offered any real benefit, but unfortunately it doesn’t.

Comment by Joel Webber — June 9, 2005

Seriously, if the browser can decode the encoded script in order to parse and execute it, then people can decode it to read it. It’s that simple.

Comment by Jason Levine — June 9, 2005

very good

Comment by indique — March 7, 2006

Very cool !

Comment by Cadastro em Sites de Buscas — June 6, 2007

Leave a comment

You must be logged in to post a comment.