How do I hide javascript code in a webpage?
Original URL: http://stackoverflow.com/questions/6869312/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Question by arun nair
Is it possible to hide the Javascript code from the html of a webpage, when the source code is viewed through the browser's View Source feature?
I know it is possible to obfuscate the code, but I would prefer it being hidden from the view source feature.
Answer by jfriend00
I'm not sure anyone else actually addressed your question directly which is code being viewed from the browser's View Source command.
As others have said, there is no way to protect javascript intended to run in a browser from a determined viewer. If the browser can run it, then any determined person can view/run it also.
But, if you put your javascript in an external javascript file that is included with:
<script type="text/javascript" src="http://mydomain.com/xxxx.js"></script>
tags, then the javascript code won't be immediately visible with the View Source command - only the script tag itself will be visible that way. That doesn't mean that someone can't just load that external javascript file to see it, but you did ask how to keep it out of the browser's View Source command and this will do it.
If you wanted to really make it more work to view the source, you would do all of the following:
- Put it in an external .js file.
- Obfuscate the file so that most native variable names are replaced with short versions, so that all unneeded whitespace is removed, so it can't be read without further processing, etc...
- Dynamically include the .js file by programmatically adding script tags (like Google Analytics does). This will make it even more difficult to get to the source code from the View Source command as there will be no easy link to click on there.
- Put as much interesting logic that you want to protect on the server that you retrieve via ajax calls rather than do local processing.
With all that said, I think you should focus on performance, reliability and making your app great. If you absolutely have to protect some algorithm, put it on the server, but other than that, compete on being the best at what you do, not by having secrets. That's ultimately how success works on the web anyway.
Answer by Quentin
No, it isn't possible.
If you don't give it to the browser, then the browser doesn't have it.
If you do, then it (or an easily followed reference to it) forms part of the source.
Answer by HINAYUPAKS
Use Html Encrypter. The part of the head which has
<link rel="stylesheet" href="styles/css.css" type="text/css" media="screen" />
<script type="text/javascript" src="script/js.js" language="javascript"></script>
Copy and paste it into HTML Encrypter and the result will look like this; then paste it in the location where you cut the above sample:
<Script Language='Javascript'>
<!-- HTML Encryption provided by iWEBTOOL.com -->
<!--
document.write(unescape('%3C%6C%69%6E%6B%20%72%65%6C%3D%22%73%74%79%6C%65%73%68%65%65%74%22%20%68%72%65%66%3D%22%73%74%79%6C%65%73%2F%63%73%73%2E%63%73%73%22%20%74%79%70%65%3D%22%74%65%78%74%2F%63%73%73%22%20%6D%65%64%69%61%3D%22%73%63%72%65%65%6E%22%20%2F%3E%0A%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%73%63%72%69%70%74%2F%6A%73%2E%6A%73%22%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%3C%2F%73%63%72%69%70%74%3E%0A'));
//-->
</Script>
HTML ENCRYPTER Note: if you have a JavaScript in your page, try to export it to a .js file and make it like the example above.
Also, this Encrypter does not always work with some code and can mess up your website... Select the best part you want to hide, for example in <form> </form>
This can be reversed by an advanced user, but not every noob like me knows it.
Hope this will help
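The output above is percent-encoding, not encryption, so it can be reversed mechanically. An added example (not part of the original answer) that recovers the markup from any document.write(unescape('...')) wrapper in a page's source; decodeWrappers and decodePayload are hypothetical helper names and the sample input is constructed.

```javascript
// Added example: recover markup hidden by a document.write(unescape('...')) wrapper.
// decodeWrappers / decodePayload are hypothetical names; the sample is constructed.

// Matches document.write(unescape('...')) with single or double quotes.
const WRAPPER = /document\.write\(\s*unescape\(\s*(['"])([^'"]*)\1\s*\)\s*\)/g;

// Decode one payload. unescape() accepts both %XX and %uXXXX, and
// decodeURIComponent rejects the second form, so decode both by hand.
function decodePayload(encoded) {
  return encoded.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (m, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Return every decoded payload found in a page's source text.
function decodeWrappers(source) {
  const found = [];
  for (const match of source.matchAll(WRAPPER)) {
    found.push(decodePayload(match[2]));
  }
  return found;
}

// Constructed sample: a short payload encoded the same way as the output above.
const sample = "<script>document.write(unescape('%3C%73%63%72%69%70%74%20%73%72%63%3D%22%73%63%72%69%70%74%2F%6A%73%2E%6A%73%22%3E%3C%2F%73%63%72%69%70%74%3E'));</script>";

console.log(decodeWrappers(sample));
```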
Answer by Armand Arapian
My solution is inspired by the last comment. This is the code of invisible.html
<script src="http://code.jquery.com/jquery-1.8.2.js"></script>
<script type="text/javascript" src="invisible_debut.js" ></script>
<body>
</body>
The clear code of invisible_debut.js is:
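$(document).ready(function () {
  // Load invisible.js by adding a script tag at run time.
  var ga = document.createElement("script"); //ga is to remember Google Analytics ;-)
  ga.type = 'text/javascript';
  ga.src = 'invisible.js';
  ga.id = 'invisible';
  document.body.appendChild(ga);
  // Remove the tag again; the browser has already started fetching the file.
  $('#invisible').remove();
});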
Notice that at the end I'm removing the created script. invisible.js is:
$(document).ready(function () {
  alert('try to find in the source the js script which did this alert!');
  document.write('It disappeared, my dear!');
});
invisible.js doesn't appear in the console, because it has been removed, and never in the source code, because it is created by javascript.
Concerning invisible_debut.js, I obfuscated it, which means that it is very complicated to find the url of invisible.js. Not perfect, but hard enough for a normal hacker.
Answer by Addinall
'Is not possible!'
Oh yes it is ....
//------------------------------
function unloadJS(scriptName) {
  // Remove the <script> element with the given id from the DOM.
  var js = document.getElementById(scriptName);
  if (js && js.parentNode) {
    js.parentNode.removeChild(js);
  }
}
//----------------------
function unloadAllJS() {
  // getElementsByTagName returns a live collection, so copy it to an array
  // first; otherwise each removal shifts the indexes and elements are skipped.
  var jsArray = Array.prototype.slice.call(document.getElementsByTagName('script'));
  for (var i = 0; i < jsArray.length; i++) {
    if (jsArray[i].id) {
      unloadJS(jsArray[i].id);
    } else {
      jsArray[i].parentNode.removeChild(jsArray[i]);
    }
  }
}
Answer by Mark Carpenter
I'm not sure there's a way to hide that information. No matter what you do to obfuscate or hide whatever you're doing in JavaScript, it still comes down to the fact that your browser needs to load it in order to use it. Modern browsers have web debugging/analysis tools out of the box that make extracting and viewing scripts trivial (just hit F12 in Chrome, for example).
If you're worried about exposing some kind of trade secret or algorithm, then your only recourse is to encapsulate that logic in a web service call and have your page invoke that functionality via AJAX.
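The server-side approach recommended in this answer and in jfriend00's answer above, sketched as an added example that is not part of either answer. proprietaryScore, handleScoreRequest, startServer and the /api/score path are hypothetical names, and the scoring formula is a stand-in.

```javascript
// Added example. proprietaryScore, handleScoreRequest, startServer and
// /api/score are hypothetical names, not from the answers.

// The logic worth protecting. It runs only on the server and is never sent
// to the browser, so View Source and dev tools have nothing to show.
function proprietaryScore(values) {
  return values.reduce((acc, v, i) => acc + v * (i + 1), 0) % 9973;
}

// Request body string in, {status, body} out. The endpoint is reachable by
// anyone, so reject anything that is not a short array of finite numbers.
function handleScoreRequest(rawBody) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch (e) {
    return { status: 400, body: { error: 'invalid JSON' } };
  }
  const values = parsed && parsed.values;
  const ok = Array.isArray(values) && values.length > 0 &&
    values.length <= 100 && values.every((v) => Number.isFinite(v));
  if (!ok) return { status: 400, body: { error: 'values must be 1-100 numbers' } };
  return { status: 200, body: { score: proprietaryScore(values) } };
}

// Wire the handler to Node's built-in http server.
async function startServer(port) {
  const http = await import('node:http');
  return http.createServer((req, res) => {
    if (req.method !== 'POST' || req.url !== '/api/score') {
      res.writeHead(404);
      return res.end();
    }
    let raw = '';
    req.on('data', (chunk) => {
      raw += chunk;
      if (raw.length > 10000) req.destroy(); // cap the body size
    });
    req.on('end', () => {
      const out = handleScoreRequest(raw);
      res.writeHead(out.status, { 'Content-Type': 'application/json' });
      res.end(JSON.stringify(out.body));
    });
  }).listen(port);
}

// The page only makes the call and sees the result, for example:
//   fetch('/api/score', { method: 'POST', body: JSON.stringify({ values: [3, 1, 4] }) })
```

Call startServer(8080) to run it; only the request and the returned score are visible to the client.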
Answer by Jepp
I think I found a solution to hide certain JavaScript codes in the view source of the browser. But you have to use jQuery to do this.
For example:
In your index.php
<head>
<script language = 'javascript' src = 'jquery.js'></script>
<script language = 'javascript' src = 'js.js'></script>
</head>
<body>
<a href = "javascript:void(null)" onclick = "loaddiv()">Click me.</a>
<div id = "content">
</div>
</body>
You load a file in the html/php body called by a jquery function in the js.js file.
js.js
function loaddiv() {
  $('#content').load('content.php');
}
Here's the trick.
In your content.php file put another head tag then call another js file from there.
content.php
<head>
<script language = 'javascript' src = 'js2.js'></script>
</head>
<a href = "javascript:void(null)" onclick = "loaddiv2()">Click me too.</a>
<div id = "content2">
</div>
In the js2.js file create any function you want.
Example:
js2.js
function loaddiv2() {
  $('#content2').load('content2.php');
}
content2.php
<?php
echo "Test 2";
?>
Please follow link then copy paste it in the filename of jquery.js
http://dl.dropbox.com/u/36557803/jquery.js
I hope this helps.
Answer by Blue Sheep
You could use document.write.
Without jQuery
<!DOCTYPE html>
<html>
<head><meta charset=utf-8></head>
<body onload="document.write('<!doctype html><html><head><meta charset=utf-8></head><body><p>You cannot find this in the page source. (Your page needs to be in this document.write argument.)</p></body></html>');">
</body></html>
Or with jQuery
$(function () {
document.write("<!doctype html><html><head><meta charset=utf-8></head><body><p>You cannot find this in the page source. (Your page needs to be in this document.write argument.)</p></body></html>")
});
Answer by gabriele brunori
Is not possible!
The only way is to obfuscate javascript or minify your javascript, which makes it hard for the end user to reverse engineer. However, it's not impossible to reverse engineer.
Answer by Bhushan Mahajan
Approach I used some years ago -
We need a jsp file, a servlet java file and a filter java file.
Give access to the jsp file to the user. The user types the url of the jsp file.
Case 1 -
- Jsp file will redirect the user to Servlet.
- Servlet will execute the core script part embedded within the xxxxx.js file and, using Printwriter, it will render the response to the user. Meanwhile, Servlet will create a key file. When the servlet tries to execute the xxxx.js file within it, Filter will activate and will detect that the key file exists and hence delete the key file.
Thus one cycle is over.
In short, the key file will be created by the server and will be immediately deleted by the filter.
This will happen upon every hit.
Case 2 -
- If the user tries to obtain the page source and directly clicks on the xxxxxxx.js file, Filter will detect that the key file does not exist.
- It means the request has not come from any servlet. Hence, it will block the request chain.
Instead of file creation, one may use setting a value in a session variable.