1. Home
  2. Forums Index
  3. Browser Side / JavaScript and AJAX 5:06 pm May 13, 2026

Forum Moderators: open

Message Too Old, No Replies

How to protect your code

         

NickMNS

3:55 pm on Jan 16, 2020 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



For javascript to run the code needs to be loaded in the user's browser, thus making it readable and copyable by the user.

I am working on a new webpage that features a simple tool. It simply requires some math to work. None of which is secret, complex or innovative in any real way. I am doing it as a side project for myself but figured I can put it online. Given that this tool is purely mathematical means that I can code it entirely in JS and the user's browser can do all the calculations. But this also means that any a scammer can simply copy my code and throw-up a 1000 copies of the page with zero effort.

Copying the page would be simple enough regardless, in fact my page is likely a copy as I am almost certain that such tools must already exist (I can't even be bothered to check). The formula for the math is on Wikipedia. But in my experience most scammer/spammers don't really do the math, reading and writing thing. So hiding some or all of the math on my server would likely be a sufficiently big hurdle to prevent theft.

Is it worth the effort? In pure js all that is required is to serve a static html page with the script embedded. Hiding the math requires multiple end-points to handle a bunch of fetch requests as well as determining the logic of how to send the data back and forth between the server and client. All this requires a far more complex server setup.

Are there any other means of preventing spammers from stealing your JS code?

Kendo

3:39 am on Jan 17, 2020 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



JavaScript can be obfuscated but it can be unwrapped by anyone who really wants it.

Protecting ones work from plagiarism is an ongoing battle. When I started coding and developing apps for the web I concentrated on Windows servers because code could be wrapped in a DLL, hidden and managed by licensing. On Linux servers we have compiled apps running server side that I assume are protected. Not being a Linux person I couldn't be sure.

But if you can compile your functions into an app and use scripting such as PHP to call it, you may be able to protect it that way. Although that would mean that the calcs are performed on the server and not the user's machine. But then while doing it that way, you don't need to protect your code because the bulk of it will be on your website.

tangor

7:24 am on Jan 17, 2020 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Short answer: you can't. JS, by description, is completely readable across the spectrum.

One reason why I will do things in Perl... :)

JorgeV

10:11 am on Jan 17, 2020 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Hello,

You can do your math server side, using any scripting language, and just send to result to the browser, ... if it has to be an interactive page, you can use Ajax to communicate between the browser and the server.

Alternatively, you can also use node.js, which is good for interactive dynamic pages.

Finally, you can always use Java, the source code will not be available, but anyone can download the applet and run it themselves. (may be the Java applet , can test it's being run on your site, and not form another site).

NickMNS

2:23 pm on Jan 17, 2020 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Basically I have concluded that I have no real choice. The math will done server side.

if it has to be an interactive page, you can use Ajax to communicate between the browser and the server.

AJAX is specific to jQuery, and I don't plan to use that, simply plain vanilla JS. Requests to the server will be handled asynchronously using Promises and the Fetch api.

you can compile your functions into an app

Depending on multiple factors (is there an audience, do I have time) I may at some point create a native app for this.


One reason why I will do things in Perl... :)

Yeah, no chance of anything being copied when it is written in PERL. Even having full access to the code requires a degree in cryptography to understand it, as it resemble ancient Egyptian hieroglyphs. My scripting language of choice remains Python. :)

JorgeV

2:47 pm on Jan 17, 2020 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



AJAX is specific to jQuery,

Not at all. AJAX is pure JS.

[en.wikipedia.org...]

JQuery does have function to make it easier, but it just relies on the XMLHttpRequest , which is pure JS.

NickMNS

3:17 pm on Jan 17, 2020 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Not at all. AJAX is pure JS


Yes, ok you are right. Except strictly speaking and as pointed out in the Wikipedia article AJAX is not a thing in its own right it is an application of many things together, and it implies the use of XML, which in most cases (including my particular case) is now replaced with JSON so technically one would most likely be using AJAJ. Whereas, in the case of jQuery, ajax() is an actual method that continues to be the same method whether or not JSON or XML is used.

JorgeV

10:37 am on Jan 18, 2020 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Hello-

I misused the word AJAX, sorry. I just meant that with the XMLHttpRequest object, you can communicate with a server side script from Javascript. Don't be mislead by the "XML" in the name of this object. (I don't know who named it), the data returned by the server side script can be anything, XML, JSON, or even HTML, text, etc... You do whatever you want with the data.

NickMNS

4:40 pm on Jan 18, 2020 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I just meant that with the XMLHttpRequest object

I don't use XMLHttpRequest either, I use the relatively new FETCH api. See the link below for details. It is really much easier to implement, once you've wrapped your brains around Promises.
[developer.mozilla.org...]

ClosedForLunch

9:45 pm on Jan 18, 2020 (gmt 0)

5+ Year Member Top Contributors Of The Month



I have calculators on a couple of websites. I don't use any JS, I use HTML forms and server-side math.

It's fast, and I'm able to serve a new ad on each form submission / page load. And no one can see my code.

Beyond that, make your UI more intuitive than your competitors.

NickMNS

10:04 pm on Jan 18, 2020 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Beyond that, make your UI more intuitive than your competitors.

That is the goal.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Browser Side / JavaScript and AJAX 5:06 pm May 13, 2026