How to hide the source code in HTMLRenderer ?

MiServer is Dyalog's APL-based web development framework

How to hide the source code in HTMLRenderer ?

Postby PGilbert on Mon Jul 20, 2020 7:11 pm

While using the HTMLRenderer we do not want the end-user of our program to be able to right-click and choose View Source on the chrome default contextual menu. At the suggestion of Dyalog we have added oncontextmenu="return false" in the HTML tag of our code and it is working, the contextual menu does not show up.

Code: Select all
<html lang="en" oncontextmenu="return false">


Also, the shortcut Ctrl+U used to see the source code is not working. Could Dyalog confirm that the shortcuts are disabled in HTMLRenderer and is there a way for the end-user to reactivate them?

Any other way that anyone could think of accessing the source code in HTMLRenderer once the default contextual menu and the shortcuts are disabled?

Also, how difficult it is for someone to start Chrome and access the debugger of HTMLRenderer? Is there currently a random security key to match before gaining access?

Thanks in advance.
User avatar
PGilbert
 
Posts: 439
Joined: Sun Dec 13, 2009 8:46 pm
Location: Montréal, Québec, Canada

Re: How to hide the source code in HTMLRenderer ?

Postby norbertjurkiewicz84 on Tue Jul 21, 2020 3:59 pm

Have you obfuscated the JS code being sent to HTMLRenderer?

What about checking for cef command line switches that set a remote debugger? These may be able to alter the htmlrendered behavior at runtime. Worth looking into.

      4.2 CEF/Chromium Command Line Switches
There are very many command line switches that can be used with CEF to alter behavior, help
debugging or aid in experimenting. These switches need to be set using the -cef or -
cef_all options when Dyalog APL is started. If you're setting a single CEF command line
switch, you can use:
-cef –-command-line-switch
If you're setting more than one CEF command line switch, then you either need to prefix each
on with -cef or place them at the end the Dyalog command line preceded by -cef_all as
in:
-cef –-command-line-switch1 -cef –-command-line-switch2
-cef_all --command-line-switch1 –-command-line-switch2
Note that the command line switches begin with a double dash (--).
One common command line switch is to enable a remote debugging port for CEF so that you
can attach a browser to CEF and open the Developer Tools Console.
-cef –-remote-debugging-port=12345
Then open a browser and navigate to the address of the computer where HTMLRenderer is
running and the port indicated by –-remote-debugging-port.


That's probably going to be your best bet. Other than that keep, the front-end for UI only, as much as possible...
User avatar
norbertjurkiewicz84
 
Posts: 62
Joined: Mon Nov 01, 2010 7:26 pm


Return to MiServer

Who is online

Users browsing this forum: No registered users and 1 guest