Web Analytics Made Easy -
StatCounter document.write with function help! - CodingForum

Announcement

Collapse
No announcement yet.

document.write with function help!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • document.write with function help!

    I want to encrypt some html code. I want to allow my customers to use code that pertains to my server. But I don't want them to be able to manipulate it, or know the locations of the folders that are in the links.

    Of course it still has to execute correctly on their own site without depending on functions that are set up on my own server, and I wanted to keep it as simple as possible.

    So I've started with this by placing a function that will "encrypt" the html code:

    <script>
    eval(unescape('f%75%6ec%74%69%6f%6e%20%78%78%28%6e%29%0D%0A%7B%7a%20%3D%20%75%6ee%73ca%70e%28%6e%29% 3B%76a%72%20%79%20%3D%20%27%27%3B%0D%0Af%6f%72%20%28%69%3D0%3B%69%3C%7a%2e%6ce%6e%67%74%68%3B%69%2b% 2b%29%20%0D%0A%7B%79%20%2b%3D%20%53%74%72%69%6e%67%2ef%72%6f%6dC%68a%72C%6fde%28%7a%2ec%68a%72C%6fde A%74%28%69%29%2d1%29%3B%7D%0D%0Ad%6fc%75%6de%6e%74%2e%77%72%69%74e%28%75%6ee%73ca%70e%28%79%29%29%3B %0D%0A%7D%20'));
    </script>

    The above statement with document.write is:

    function xx(n) {z = unescape(n);var y = ''; for (i=0;i<z.length;i++) {y += String.fromCharCode(z.charCodeAt(i)-1);} document.write(unescape(y)); }

    The next script will be something like:

    <script>xx('encrypted output will go here');</script>

    Here's where my ignorance really shines. I think my question is probably more simple than what's already shown - what command would I use to give me the "encrypted output" based on the function created above?

    I thought I could get away with something like:

    document.write(xx('test'));

    But I'm pretty sure this is wrong. Any idea on what would be the correct way to gather the output based on the function?

    Here
    Last edited by greg890; Oct 10, 2006, 01:42 PM. Reason: small addition

  • #2
    Moot .

    If you use javascript to decrypt your encrypted data, your data will be compromised.

    condiser the following:
    Code:
    var encrypted = "replaceWithYourEncrypedData";
    
    function decrypt(s){
       var d = "decryptedResult"; //replace with decryption
       return d;
    }
    What's to stop someone from saving the page to their computer, then inserting this line of javascript?
    Code:
    alert(decrypt(encrypted));
    You will need some server side (CGI) encryption and decryption along with some url rewriting (Apache mod rewrite)
    in order to perform the task of encrypting the values.
    Last edited by VortexCortex; Oct 10, 2006, 02:02 PM.

    Comment


    • #3
      I appreciate your answer. I'm sure it is much more secure than the direction I'm taking. But I do not need a bullet-proof formula. The data being protected is not entirely sensitive, and the people who use it are not likely to try and decipher it.

      Most importantly, I don't have the know-how to be able to follow your suggestion. So I need to start from a more basic level.

      I know it may be a strange request, but if I were to use javascript as mentioned before, what should I use to encrypt based on the function I provided?

      I had thought:
      Code:
      document.write(xx('test'));
      I thought the function name xx would run, before displaying the output variable of "test". But I was wrong.

      The function is:
      Code:
      function xx(n) {z = unescape(n);var y = ''; for (i=0;i<z.length;i++) {y += String.fromCharCode(z.charCodeAt(i)-1);} document.write(unescape(y)); }
      Last edited by greg890; Oct 10, 2006, 02:13 PM. Reason: added function to keep post organized

      Comment


      • #4
        Take a look at http://javascript.about.com/library/blenc.htm where there are a couple of forms that can create the encrypted script and everything else needed for it to work for you. It produces encrypted code that is at least as secure as any other web page encryption.
        Stephen
        Learn Modern JavaScript - http://javascriptexample.net/
        Helping others to solve their computer problem at http://www.felgall.com/

        Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

        Comment


        • #5
          I appreciate that. Actually, I had already looked at the material there.

          I've done a lot of reading and feel like I'm just one small piece of code away from doing what I want.

          So really I want to know is - Is there a command to display text that is encrypted with a pre-defined function?

          my function is named xx.

          So how would I get the page to display "Hello World!" (for example) using the function xx that has been created?

          Comment


          • #6
            A dose of your own medicine.

            If you wrote the function xx you stated above, why did you not first write the function that creates input for xx?

            Consider this code:
            Code:
            <html>
            <head>
            <title>Useless use of escaping</title>
            <script type="text/javascript">
            eval(unescape("%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%73%63%72%27%2B%27%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74%69%6F%6E%20%78%78%28%6E%29%7B%7A%3D%75%6E%65%73%63%61%70%65%28%6E%29%3B%76%61%72%20%79%3D%5C%27%5C%27%3B%66%6F%72%28%69%3D%30%3B%69%3C%7A%2E%6C%65%6E%67%74%68%3B%69%2B%2B%29%7B%79%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%7A%2E%63%68%61%72%43%6F%64%65%41%74%28%69%29%2D%31%29%3B%7D%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%79%29%29%3B%7D%3C%2F%73%63%72%27%2B%27%69%70%74%3E%27%29%3B"));
            </script>
            <script type="text/javascript">
            xx("%3D%74%64%73%6A%71%75%21%75%7A%71%66%3E%23%75%66%79%75%30%6B%62%77%62%74%64%73%6A%71%75%23%3F%67%76%6F%64%75%6A%70%6F%21%76%74%66%6D%66%74%74%29%74%2A%7C%77%62%73%21%69%66%79%3E%28%31%32%33%34%35%36%37%38%39%3A%42%43%44%45%46%47%28%3C%77%62%73%21%79%3E%6F%66%78%21%42%73%73%62%7A%29%74%2F%6D%66%6F%68%75%69%2B%34%2A%3C%67%70%73%29%77%62%73%21%6A%3E%31%3C%6A%3D%74%2F%6D%66%6F%68%75%69%3C%6A%2C%2C%2A%7C%77%62%73%21%69%21%3E%21%74%2F%64%69%62%73%44%70%65%66%42%75%29%6A%2A%2C%32%3C%79%5C%79%2F%6D%66%6F%68%75%69%5E%3E%28%26%28%3C%79%5C%79%2F%6D%66%6F%68%75%69%5E%3E%69%66%79%2F%64%69%62%73%42%75%29%4E%62%75%69%2F%67%6D%70%70%73%29%69%30%32%37%2A%2A%3C%79%5C%79%2F%6D%66%6F%68%75%69%5E%3E%69%66%79%2F%64%69%62%73%42%75%29%69%26%21%32%37%2A%7E%73%66%75%76%73%6F%21%79%2F%6B%70%6A%6F%29%28%28%2A%7E%3D%30%74%64%73%6A%71%75%3F");
            </script>
            </head>
            <body>
            <script type="text/javascript">
            xx("%3D%62%21%69%73%66%67%3E%23%24%23%21%70%6F%64%6D%6A%64%6C%3E%23%78%6A%6F%65%70%78%2F%6D%70%64%62%75%6A%70%6F%3E%28%69%75%75%71%3B%30%30%78%78%78%2F%77%70%73%75%66%79%64%70%73%75%66%79%2F%64%70%6E%30%28%23%3F%57%6A%74%6A%75%21%57%70%73%75%66%79%44%70%73%75%66%79%2F%64%70%6E%3D%30%62%3F");
            
            //use the useless function to create input for the xx function.
            var html = useless('<input type="button" onclick="alert(\'It works...\')" value="click me">');
            //Show the escaped code of html variable.
            document.write("<hr>Input: "+html+"<hr>Output: ");
            
            //output the input to prove it works.
            xx(html);
            </script>
            </body>
            </html>
            If you want to find out how the "useless" function works, you'll have to break your own encryption.

            LOL

            Comment


            • #7
              Thanks for your help. I know you're thinking it's useless, but it has served an important purpose.

              Now... do a search on useless information. There are some enjoyable articles.

              Comment


              • #8
                Instead of:

                Code:
                document.write(xx('test'));
                you should use

                Code:
                xx('test');
                Stephen
                Learn Modern JavaScript - http://javascriptexample.net/
                Helping others to solve their computer problem at http://www.felgall.com/

                Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

                Comment

                Working...
                X