Why do browsers not allow non-readable javascript?
As more processing moves to the client side, would it not helpful to allow site admins to protect the source code in their Javascript?
Perhaps by encrypting the Javascript files and providing a mechanism for them to be decrypted by the browser internally?
Don't get me wrong, I'm all for open source and openness but for some companies it just does not fit the culture.
11 comments
[ 3.6 ms ] story [ 50.1 ms ] threadIf you want to make it really difficult to "steal" code just run it through a minifer. You'll never really be able to hide what a script is doing though. If you want logic not to be user-known and very likely user-modifiable you -must- make it server side. If this weren't the case DRM would actually work ;)
They've almost always reinvented some part of jQuery or a well know plugin and done it badly.
Putting the ethical questions aside, if browsers allowed javascript encryption and company X has a program that "frombulates widgets" and they want to protect their code from their main competitor Y, such encryption would present a valuable obstacle, even if it may not be 100% impossible to crack.
Those companies that have secrecy as a cultural value are going to be at a clear disadvantage from a UX point of view. The web is getting faster. People in general are becoming less and less tolerant of load times and other delays. The success of native apps proves this. Choosing secrecy will hurt your company unless you truly have a sauce so special that people will be tolerant of latency to taste it.
Native apps are the last refuge of companies that want to maintain end-to-end secrecy throughout the entire stack. The fragmentation of smart phones suggests that web apps are the future because every apps with social features is less useful if only people with the same kind of device as you can use it. Companies will have no choice but to develop in a space that is open.
As a consolation to companies with secrecy as a cultural value, the locus of computation is increasingly blurred between the browser and the server. The source code of most advanced client-side javascript apps that I've seen so far look like swiss cheese in that they're all full of holes, where the holes are functionality that is handled server side and are often the most complex tasks that an app is performing for the user.