JavaScript Obfuscation

Hot on the heels of the last post, I figured I'd quickly talk about the flip-side of beautification.

What?
JavaScript is a client side scripting language that you're probably already somewhat familiar with if you've ever fought a losing war with pop ups. It's often used to add dynamic elements to otherwise static websites, however you can do all sorts of neat junk with it.

Code obfuscation is the sweet, sweet art of making your junk hard to understand. That's right, there's actually a word for it.

This brings us to javascript obfuscation. Because javascript is run "client-side," (as opposed to server side), your computer grabs a copy of it and runs it. When you view a website with javascript in it, you have full access to the script being executed. Besides looking at the actual logic of the code, you can even change how it runs using snazzy tools like firebug or kill it with things like noscript.

In the wild, there are plenty of reasons why you may want to hide your code... But usually there are only two:

1) You worked really hard on your script and you have deep-seated issues about sharing.

2) You're doing bad things and you don't want people to know what the things are.

You may also just write horrible code, but that's usually unintentional so I'm not adding a 3rd.

How?
There are plenty of tools out there to accomplish this or, if you're the industrious type, you can always do it by hand. For those of you who don't want to wait several hours tediously re-writing their scripts, here are two awesomely effective websites to help you out.

The JavaScript Packer - a javascript compressor and obfuscator that'll help make your code smaller and less user-friendly. For some fun stuff, trying switching on the "base62 encode" and "shrink variables" options.

The Free JavaScript Obfuscator - does exactly what it says. More human-unfriendly goodness.

The real awesomeness of these comes when you chain them together. Take a simple alert('yo') script and run it through both of them a few times. Have fun.

Keep in mind, though, that if someone has your script, even if it's obfuscated, they still have your damn script. And if they're good enough, you bet they can figure out what it does and reverse engineer it.

JavaScript Beautification

During the course of my work day, I'm frequently ambushed by horribly written JavaScript. Plenty of people have been adding cloudy web 2.0 elements to their sites without understanding the code they're copy/pasting. At some point, someone passed me a link to the Online Javascript Beautifier. This bit of code attempts to take ugly script and beautify it. Pretty nifty.