Hiding Your Code :

Anyone can access the code of a web page or two by right-clicking and choosing View source
from the context menu. This technique is a very common way for developers to learn new
techniques for writing HTML and JavaScripts.
The source code for a web page—including JavaScript—is stored in the cache, the part of
computer memory where the browser stores web pages that were requested by the visitor. A
sophisticated visitor can access the cache and thereby gain access to the web page source code.
1. A developer can disable use of the right mouse button on site so the visitor can't access
the View Source menu option on the context menu. This will hide both HTML code
and JavaScript from the visitor.
2. In addition, developer can store JavaScript on his web server instead of building it into
web page. The browser calls the JavaScript from the web server when it is needed by
the web page. Using this method, the JavaScript isn't visible to the visitor, even if the
visitor views the source code for the web page.

Disabling the Right Mouse Button :

The following example shows how to disable the visitor's right mouse button while the browser
displays your web page. All the action occurs in the JavaScript that is defined in the <head>
tag of the web page. The JavaScript begins by defining the BreakInDetected() function. This
function is called any time the visitor clicks the right mouse button while the web page is
displayed. It displays a security violation message in a dialog box whenever a visitor clicks the
right mouse button.
Example:
<html>
<head>
<title>Lockout Right Mouse Button</title>
<script type="text/javaScript">
function BreakInDetected()
{
alert('Security Violation')
return false
}
function InternetExploreBrowser()
{
if (event.button==2)
{
BreakInDetected()
return false
}
}
document.oncontextmenu=new Function("BreakInDetected();return false")
</script>
</head>
<body>
<h1>hello</h1>
</body>
</html>
In the function ‘InternetExploreBrowser()’ definition, the browser is told to determine which
mouse button the visitor clicked. This function definitions is used for detecting whether any
button except the first mouse button, presumably the left button, is clicked by the visitor.
The BreakInDetected() function is called if the visitor clicks any button other than the left
mouse button. The BreakInDetected() function is also called if the visitor right-clicks to open
the context menu. This prevents the visitor from accessing the View Source menu item.

Hiding Your JavaScript

A developer can hide his JavaScript from a visitor by storing it in an external file on web server.
The external file should have the .js file extension. The browser then calls the external file
whenever the browser encounters a JavaScript element in the web page. When a visitor tries to
see at the source code for the web page, he will see reference to the external .js file, but he
won't see the source code for the JavaScript.
The next example shows how to create and use an external JavaScript file. First developer must
tell the browser that the content of the JavaScript is located in an external file on the web server
rather than built into the web page. Developer can do this by assigning the file name that
contains the JavaScripts to the src attribute of the <script> tag, as shown below:

<script src="MyJavaScripts.js"
language="Javascript" type="text/javascript">
Next, developer need to define empty functions for each function that you define in the external
JavaScript file. Some older browsers don't use external files for JavaScripts and will generate
an error when called a JavaScript function that hasn't been defined in the web page. The empty
function definitions prevent this error from generating, because the function is defined within
the web page. However, an error may still occur, since the correct function definition is not
executed.

<html>
<head>
<title>Using External JavaScript File</title>
<script src="myJavaScript.js" type="text/javascript">
function OpenNewWindow()
{
}
</script>
</head>
<body>
<img height=92 src="7441805.gif" width=70 border=0 name='cover'>
<img height=1 src="" width=10>
<a onmouseover="OpenNewWindow()" onmouseout="MyWindow.close()">
<b><u>Java Demystifified </u></b>
</a>
</tbody>
</table>
</body>
</html>
The final step is to create the external JavaScript file. Developer can do this by placing all
function definitions into a new file and then saving the file using the .js extension. The external
JavaScript file must be placed on the same web server that contains the web page and accessed
from the same domain.

MyJavaScript.js file:
function OpenNewWindow()
{
document.cover.src='7441805.gif'
MyWindow = window.open('', 'myAdWin', ‘height=50,width=150,left=500,top=400')
MyWindow.document.write( '10% Discount for Java Demystifified!')
}

After creating the external JavaScript file, define empty functions for each function that is
contained in the external JavaScript file, and reference the external JavaScript file in the src
attribute of the <script> tag.

Concealing Your E-mail Address :

Some spammers create programs called bots that surf the Net looking for e-mail addresses that
are embedded into web pages, such as those placed there by developers to enable visitors to
contact them. The bots then strip these e-mail addresses from the web page and store them for
use in a spam attack. This technique places developers between a rock and a hard place. If they
place their e-mail addresses on the web page, they might get slammed by spammers. If
they don't display their e-mail addresses; visitors will not be able to get in touch with the
developers.
The solution to this common problem is to conceal e-mail address in the source code of web
page so that bots can't find it but so that it still appears on the web page. Typically, bots identify
e-mail addresses in two ways: by the mailto: attribute that tells the browser the e-mail address
to use when the visitor wants to respond to the web page, and by the @ sign that is required of
all e-mail addresses. Job of developer is to confuse the bots by using a JavaScript to generate
the e-mail address dynamically. Developer still needs to conceal the e-mail address in
JavaScript, unless the JavaScript is contained in an external JavaScript file, because a bot can
easily recognize the mailto: attribute and the @ sign in a JavaScript. Bots can also easily
recognize when an external file is referenced.

To conceal an e-mail address, developer need to create strings that contain part of the e-mail
address and then build a JavaScript that assembles those strings into the e-mail address, which
is then written to the web page.
Example: Creating four string:
• The first string contains the addressee and the domain along with symbols &, *, and _
(underscore) to confuse the bot.
• The second and third strings contain portions of the mailto: attribute name. Remember that
the bot is likely looking for mailto:.
• The fourth string contains the subject line. developer can generate the TO, CC, BCC, subject,
and body of an e-mail from within a web page.

Developer can use these four strings to build the e-mail address. This process starts by using
the replace() method of the string object to replace the & with the @ sign and the * with a
period (.). The underscores are replaced with nothing, which is the same as simply removing
the underscores from the string.
All the strings are then concatenated and assigned to the variable b, which is then assigned
the location attribute of the window object. This calls the e-mail program on the visitor's
computer and populates the TO and Subject lines with the strings generated by the
JavaScript.
Example:
<html>
<head>
<title>Conceal Email Address</title>
<script language=JavaScript>
function CreateEmailAddress()
{
var x = 'BobSmith&smith*c_o_m'
var y = 'mai'
var z = 'lto'
var s = '?subject=Customer Inquiry'
x = x.replace('&','@')
x = x.replace('*','.')
x = x.replace('_','')
x = x.replace('_','')
var b = y + z +':'+ x + s
window.location=b
}
</script>
</head>
<body>
<input type="button" value="Help" onclick="CreateEmailAddress()">
</body>
</html>