How can you stop people going to "view source" in their browser? So it shows a blank page or something?

Everything enclosed within PHP tags should be invisible :o

Originally posted by UrlGuy
Everything enclosed within PHP tags should be invisible :o

Yes, but if you want to show the user a page you will have to echo some html and that will be visible to the user if they do view source.

I use PHP tags to hide some comments and some code which I want to comment out but not remove (people decided they wanted fewer features for now but want the ability to put things back in later).

You can't.

Can't be much simpler than that.

Some people use javascript to disable the right click menu, but you can of course still use the view menu, disable javascript, or use wget (or even telnet) to get the HTML skipping the browser alltogther.

HTML is, by it's nature, open source.

Well there is one way... but your page has to be blank ;)

There are ways to block the content from being human readable but using character codes.

There are ways to block the content from being human readable but using character codes.
Though this sort of obfuscation can be undone - it is just a matter of time and motivation.

there are ways you can make it harder for people to view source but you can't prevent a determined person.

worse comes to worst, a simple GET header can be sent and all your X/HTML can be accessed. as long as you allow the user agent to see it, more or less anyone can see it :)

yea and being able to disable javascript makes you sol sometimes cause your browser needs that code to display the page in the first place cause if we just images itd take forever to download

You could also output a bunch of new lines before the HTML so when a simple user views the source, it just looks like a blank notepad :D

Well I'm just wondering if would it be possible ie. to do a javascript include in the main, world accessible file that would output the html content and put the javascript itself in a protected directory (ie. with 'Deny from all' put on it in Apache).

More challenging, but the same rule still applies: if the browser can see it, a determined user can see it.

before the <html> tag just hold the return key for like 1 minute. ;)

man volk you may as well just copy and paste some of that return stuff

Originally posted by VolkNet
before the <html> tag just hold the return key for like 1 minute. ;)

Then in Firefox just highlight the page and right click and select 'view selection source'

Its already said. No perfect way since the source goes to the client machine. So it depends on how able the user is :)

Now, there are many ways of tricking the user into either having problems reading your source or not actually realising there is a source, if they are clever enough they will get around all attempts anyway.

The first way is to start the file around 20 lines down, so if they view source they get a blank area and think *hmpf - its not workin* ... It happened to me once when I was trying to view someones source back in the day.

The other way I came up with was to simply fit as much html as you can onto one line so it all looks confusing. This works wonders in stopping people from ripping you off although it may cause problems with some browsers or search engines - I am unsure, shouldn't do if they are as advanced as they like to say they are.

Example.
<html><head><title>Bla bla</title></head><body><br><table cellpading="0" cellspacing="0"><tr><td>Bla all on 1st line</td></tr></table><br></body></html>

lol

All you can do is make it harder for people to see the source. If they can view the page then they have recieved the HTML code obviously. No matter what you do, if someone is determined, they will find your source.

Yeah, honestly not worth the time/resources it will take you to half-way mask this.

If you don't want your visitors to view the source of the current page, just send them a blank page :D

Impossible to hide, but possible to make it hard to be human-readable.

But, if someone was that determined and able, why would they be stealing your layout?

Wouldn't they be able to make one themselves?

you could use xmlhttprequest object in javascript.

So when people "view source" they just see the xmlhttprequest object code. And not the actual code returned by the server.

Sortof how google does it for gmail.

Originally posted by fusionrays
you could use xmlhttprequest object in javascript.

So when people "view source" they just see the xmlhttprequest object code. And not the actual code returned by the server.

Sortof how google does it for gmail.

Yes, use AJAX, search for it.

AJAX.....................do you want googlebot not to see the page either?

i say we all go binary

Originally posted by gilbert
i say we all go binary

:)

Format obfuscation poses no obstacle. A single sed command can reformat it well enough to look as legible as many sites, and special purpose reformating tools can do a lot better than that. Although it may appear like an attempt at obfuscation, pages which contain little to no carriage returns are probably high traffic sites saving bandwidth. Heavily formatted pages contain quite a few bytes in the form of carriage returns and/or line feeds that have no benefit besides source readability.