3

I'm searching for a javascript obfuscator. Though I've found many obfuscators, no one so far seems to be able to handle (ie ignore) inline php code. Example of what I mean by inline php code:

var my_javascript_variable = <?php echo $my_php_variable; ?>;

Is this possible to obuscate, and if so, does anyone know of such a tool?

asked Jun 30, 2010 at 14:07
2
  • You can minify the above with whatever tool you usually use. You just have to run it (I mean serve the page, run the PHP), and take the output and minify that. You could do that on a protected page and output the minified result onto an accessible page. Commented Jun 30, 2010 at 14:21
  • What about to separate dynamic parts of your javascript with static parts and then obfuscate and/or minimize only static part and leave dynamic part unobfuscated? Commented Jun 30, 2010 at 14:33

6 Answers 6

3

Not aware of any obfuscator capable of doing this, but you could simply make your JavaScript code reference a Config Object instead of the PHP code. Then you can obfuscate the main JavaScript code, e.g.

// Config object with anything that has to be assigned through PHP
var Config = { 'foo': '<?php echo $foo?>' }
// and some obfuscated code that uses the Config object
var _0x76dc=["\x66\x6F\x6F"];alert(Config[_0x76dc[0]]);
answered Jun 30, 2010 at 14:16
Sign up to request clarification or add additional context in comments.

2 Comments

That's a neat suggestion. Seems to work too. It's the best solution yet, so I will go with it!
wouldn't $foo variable still be visable?
2

I'd suggest not actually obfuscating in the first place but to minify (using yui compressor / jsmin or similar) instead but thats just my opinion

answered Jun 30, 2010 at 14:17

1 Comment

<nods> Obfuscating for security doesn't work, especially with JS. Compression does make sense.
1

Run your inline php and javascript into ob_start();
Insert ob_start(); at the beginning of your javascript inside the <script> tag

<?php ob_start(); ?>

Your inline php and javscript goes here

Insert ob_get_clean(); where you want to end the encryption of your inline php and javscript

<?php $jsCode = ob_get_clean(); ?>

Then run $jsCode through your php obfuscator class.
However, I'm yet to find a good working PHP javascript Obfuscator which can not be deobfuscated via http://deobfuscatejavascript.com/

answered Dec 31, 2020 at 11:52

1 Comment

could you please give a complete example? also, which php obfuscator would you recommend? thanks
0

Check out SD JavaScript Obufuscator. It is designed to handle Javascript standalone or embedded in various HTML-like languages (HTML, XML, ASP, PHP).

answered Jun 30, 2010 at 14:29

Comments

0

Google Closure compiler can do this. (Because) It would not touch strings. Therefore

var my_javascript_variable = "<?php echo $my_php_variable; ?>";

or 

var my_javascript_variable = Number("<?php echo $my_php_variable; ?>");

(for integers) will work.

source: https://stackoverflow.com/a/10455479/6702598

answered Aug 20, 2018 at 23:41

Comments

0

you can replace your PHP variable with something else such as _thisismyphpdontmoveit and then obfuscator the code with _thisismyphpdontmoveit after being obfuscated you can press ctrl+F to search _thisismyphpdontmoveit and replace them with your PHP variable. This is my way to obfuscate JavaScript with inline PHP I don't know if it will work for you but some of them work for me

answered Nov 18, 2020 at 14:22

Comments

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.