Message from JavaScript discussions

May 2017

— Also, why would you want to hide JS?


I've seen people send JS over HTTPS and use eval to run it, but it will still appear in network/sources. If you use a socket you can use some encapsulated protocol to hide the data you are sending/recieving

— Or obfuscate it using JSFuck

— Or, not use any JS in the browser at all except for DOM mutations, and run all your business logic on the server, using that same socket to just exchange arbitrary data

Message permanent page

— Https://

— JSFuck is super easy to reverse

— This is doable

— Preferable in many situatons, a side effect is it hides your business logic

— Well, reactive components are fun too

— Because you can unpack in memory directly, nothing will appear to the user or developer even, unless they go into the debugger and manually run through your source step by step until they are able to expose critical variables or functions

Message permanent page

— At that point, like any program, it can be put under dynamic analysis, so there is no *perfect* way unless you encapsulate/abstract 100% of your API's as to not expose implementation details

Message permanent page

— After you do that, it's the same as running PHP on the server