javascript - 如何混淆（保护）JavaScript？ [关闭](How can I obfuscate (protect) JavaScript? [closed])

Question

(Closed) .

((已关闭)

。) This question needs to be more focused .

(这个问题需要更加集中 。)

It is not currently accepting answers.

(它当前不接受答案。)

---

(Want to improve this question?)

((想改善这个问题吗？)

) Update the question so it focuses on one problem only by editing this post .

(更新问题，使其仅通过编辑此帖子来关注一个问题。)

Closed 5 years ago .

(5年前关闭。)

I want to make a JavaScript application that's not open source, and thus I wish to learn how to can obfuscate my JS code?

(我想制作一个非开源的JavaScript应用程序，因此我想学习如何混淆我的JS代码？)

Is this possible?

(这可能吗？)

  ask by Teifion translate from so

Answer 1

Obfuscation:

(混淆：)

Try YUI Compressor .

(尝试使用YUI Compressor 。)

It's a very popular tool, built, enhanced and maintained by the Yahoo UI team.

(这是一个非常流行的工具，由Yahoo UI团队构建，增强和维护。)

You may also use:

(您还可以使用：)

• Google Closure Compiler

  (Google Closure编译器)

• UglifyJS

  (UglifyJS)

Private String Data:

(私有字符串数据：)

Keeping string values private is a different concern, and obfuscation won't really be of much benefit.

(将字符串值设为私有是另一个问题，而混淆并不会带来太大好处。)

Of course, by packaging up your source into a garbled, minified mess, you have a light version of security through obscurity .

(当然，通过将源打包成乱码，最小的乱七八糟，可以通过模糊 性获得轻便的安全性 。)

Most of the time, it's your user who is viewing the source, and the string values on the client are intended for their use, so that sort of private string value isn't often necessary.

(在大多数情况下，查看源的是您的用户，客户端上的字符串值是供他们使用的，因此通常不需要这种私有字符串值。)

If you really had a value that you never wanted a user to see, you would have a couple of options.

(如果您确实拥有一个您从未希望用户看到的价值，那么您将有两个选择。)

First, you could do some kind of encryption, which is decrypted at page load.

(首先，您可以进行某种加密，该加密在页面加载时解密。)

That would probably be one of the most secure options, but also a lot of work which may be unnecessary.

(那可能是最安全的选择之一，但也可能是很多不必要的工作。)

You could probably base64 encode some string values, and that would be easier.. but someone who really wanted those string values could easily decode them .

(您可能可以对一些字符串值进行base64编码，这会更容易..但是真正想要这些字符串值的人可以轻松地对其进行解码 。)

Encryption is the only way to truly prevent anyone from accessing your data, and most people find that to be more security than they need.

(加密是真正阻止任何人访问您的数据的唯一方法，大多数人发现加密比他们需要的安全性更高。)

Sidenote:

(边注：)

Obfuscation in Javascript has been known to cause some bugs.

(众所周知，JavaScript中的混淆会导致一些错误。)

The obfuscators are getting a little better about it, but many outfits decide that they see enough benefit from minifying and gzipping , and the added savings of obfuscation isn't always worth the trouble .

(混淆器对此有所改善，但是许多公司认为他们发现缩小和gzipping带来了足够的好处，而增加混淆所带来的节省并不总是值得的 。)

If you're trying to protect your source, maybe you'll decide that it's worth your while, just to make your code harder to read.

(如果您想保护自己的源代码，也许您会认为值得这样做，只是使您的代码更难阅读。)

JSMin is a good alternative.

(JSMin是一个很好的选择。)