I've been writing lots of code for many years, but in the past it's never been required to be protected, mainly because the code was written for clients and not myself.
I have lots of JavaScript & jQuery code that I have written, my biggest issues is that I have Ajax requests as well, and these communicate with internal PHP files.
Here's a sample of code from Google:
function Yf(a, b, c) {
c && (b = r(b, c));
if (document.addEventListener) try {
Zf(document, "DOMContentLoaded", b, a)
} catch (d) {
Zf(window, "load", b, a)
} else if (!document.uniqueID && document.expando) var e = document.createElement("tempnode"),
f = window.setInterval(function() {
try {
e.doScroll("left")
} catch (a) {
return
}
window.clearInterval(f);
f = e = null;
c && (b = r(b, c));
b()
}, 50);
else "readyState" in document ? f = window.setInterval(function() {
/loaded|complete/.test(document.readyState) && (window.clearInterval(f), f = null, c && (b = r(b, c)), b())
},
50) : Zf(window, "load", b, a)
}
=====================================
Code comes from this url: http://www.google.com/inbox/assets/js/main.min.js
Online JavaScript beautifier: http://jsbeautifier.org/
Is this obfuscated or is it written this way from the beginning? (Sure, one can follow along and read this code and other lines, but there's no evidence of any Ajax requests that are communicating with an (or several) internal page files)
Similar question might have been posted previously, but bear with me.
-
1So you want to obfuscate the JavaScript as you are using AJAX? This doesn't make a lot of sense and it doesn't make your app more secure.Ram– Ram2014年10月26日 16:00:55 +00:00Commented Oct 26, 2014 at 16:00
-
1@Vohuman I am sure that when it comes to protection as a whole, it's not going to help a lot, as this has to do with the infrastructure that the website itself runs on and the core back-end code in PHP. Still I'd like to know if code like this is actually obfuscated or if it is written like this on purpose by Google Front-End Developers.John Smith– John Smith2014年10月26日 16:06:44 +00:00Commented Oct 26, 2014 at 16:06
-
it's just minified, not obfuscatedcharlietfl– charlietfl2014年10月26日 16:08:54 +00:00Commented Oct 26, 2014 at 16:08
-
Obviously the code had been minified and mangled. A tool like UglifyJS does this for you! "Security through obscurity" doesn't make your app more secure. The point of minifying client-side code is not security.Ram– Ram2014年10月26日 16:10:04 +00:00Commented Oct 26, 2014 at 16:10
-
1@charlietfl Hahaha! I see that it is minified, my issue is not minifying code. What I want to know is if code is written like this on purpose or if this is obfuscated? Major sites, Twitter, Google, Facebook, a few to mention, have their JS files written this way.John Smith– John Smith2014年10月26日 16:10:56 +00:00Commented Oct 26, 2014 at 16:10
1 Answer 1
Usually, no.
All those single letter variables are often the result of running code through a JavaScript minifier.
JavaScript code gets sent to the browser over HTTP, so it's practice to make the code as compact as possible to save on bandwidth (which, in Google's case, can be a lot). This involves the use of a minifier, which acts like a compiler of sorts that takes existing JS code and transforms it and optimizes it to be functionally identical, but in a much smaller size.
For more detail you can see the Wikipedia page on minification, which states:
Minification (also minimisation or minimization), in computer programming languages and especially JavaScript, is the process of removing all unnecessary characters from source code without changing its functionality. These unnecessary characters usually include white space characters, new line characters, comments, and sometimes block delimiters, which are used to add readability to the code but are not required for it to execute.