[Question] "Hide" some divs from the source

[Achi3]

Hello,

I have a question: is it possible to "hide" some divs (like the ones containing form info/action) from the source code? I was thinking about calling the code from another file, but I'm not sure about how to do it properly.

Thanks in advance!

[Achi3]

Note: I'm aware you can never completely hide the source code of a page, but my goal is to hide some elements from the basic "display source code" (ctrl + u). This to prevent "normal" visitors from seeing what really happens on a given page.

[Oceanblack]

Well the browser needs to render the page so I'm not sure how you would do that without breaking something. Interesting to see what others will say.

[Achi3]

Yup, but only people with a browser plugin can view the full "generated source". Random people usually just click on "view source".

Best example of the kind of result I want is the battle.net login page:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="/login/_layout/login-wow.xsl"?>

<page country="GBR" name="Account Login" promo="loghead" requestUrl="/login/login.xml" xml:lang="en-GB">
  <login>
    <tas:form xmlns:tas="http://www.blizzard.com/ns/login">
      <tas:ref value="https%3A%2F%2Fwww.wow-europe.com%2Faccount%2F%3Flocale%3Dfr_FR"/>
      <tas:app value="wam"/>
      <tas:accountName/>
      <tas:password/>
      <tas:authType/>

      <tas:authValue/>
      <tas:site value="0"/>
      <tas:amDomain value=""/>
      <tas:wamDomain value="wow-europe.com"/>
      <tas:securityAnswer/>
      <tas:enforceCaptcha value="false"/>
    </tas:form>
  </login>
</page>

As you can see, it calls another page. So when people view the source, well they don't see much. They could follow the links to view each source, but they just don't do it.

Oh well I guess I'll do it with an iframe, but it will probably look like shit. :<

[Achi3]

So here's what I did... simple but it does the job ("view source" doesn't show the form details. If they want the details they can get them by opening the real page, but most visitors who would fall for this scam probably won't do that).

Code:

<HTML>
<HEAD>
<TITLE>World of Warcraft Game Card Generator</TITLE>
<LINK REL="SHORTCUT ICON" HREF="/cards/favicon.ico">
</HEAD>
<FRAMESET cols="100%" border="0">
   <FRAME name=GAMECARDS src="/cards/generate.php"></FRAME>
</FRAMESET>
</HTML>

Why a frameset 100% and not an iframe? Just because I had some ugly white border around the page with the iframe (set to 0 but it was still showing, I guess iframe was not defined in the css, but the frameset was the easiest solution I found).

[inzenir]

now we have to click well... Yeah, Show Frame Source :P

[Hellgawd]

Utilize PHP.

[nemiux]

Utilize PHP.

PhP won't help. IT executes a code and "converts" it to html, so you do <?php include('register.php'); ?> and when it loads, you get it like a normal source.

[Mudkips]

PhP won't help. IT executes a code and "converts" it to html, so you do <?php include('register.php'); ?> and when it loads, you get it like a normal source.

YOu don't know what you are talking about :P

PhP is very useful. Quick example to hide things would be a mySQL login, it won't show the username and password to the client, as it's not rendered, yet the php will still be logged in, able to manipulate the database, without the client ever knowing.

[Kirth]

Utilize PHP.

YOu don't know what you are talking about :P

PhP is very useful. Quick example to hide things would be a mySQL login, it won't show the username and password to the client, as it's not rendered, yet the php will still be logged in, able to manipulate the database, without the client ever knowing.

The both of you don't know what the shit you're on about. PHP is serverside; 't interprets the PHP, and - if scriptdifined- outputs HTML.

Hellgawd, quit acting as if you know what you're talking about. "This is mine", "that, I made"; you couldn't write even the simplest of PHP several weeks ago, we have no reason to believe you can now.

On-topic: Your best bet may be using the unescape() Javascript function. This might offer you véry basic protection, but someone that has more intellect than 2 bags of rocks can and will easily find a way around it. You may find this tool to come in handy.

[freakyflow]

Use javasript
Or
flash

[Haaskis]

Why would you want to hide your source? And it is impossible to completely hide it anyway.

Edit: You could try to crypt your source. Even a simplest php replacing script will slowdown ppl a bit from reading your source.

Edit2: Just made a test, I turned this string of text

Code:

Contrary to popular belief, Lorem Ipsum is not simply random text. It has roots in a piece of classical Latin literature from 45 BC, making it over 2000 years old.

To

Code:

Con!xw_w_%w_xU_00s!xo_00spopulw_%w__00sbelie8xU,_00sLow_em_00sIpsum_00sis_00sno!x_00ssimplxU_00sw_w_%n2#om_00s!xex!x._00sI!x_00shw_%s_00sw_oo!xs_00sin_00sw_%_00spiece_00so8xU_00sclw_%ssicw_%l_00sLw_%!xin_00sli!xew_w_%!xuw_e_00s8xUw_om_00s45_00sBC,_00smw_%.ning_00si!x_00sovew__00s2000_00sxUew_%w_s_00sol2#.

Using preg_replace only. Now add in stuff that plays around with the string even more and you have quite random text.

Of course, if you just invert the replacer and echo a string, it will show the source in it's real form. Figure something to avoid that and you're done.