题意:如何禁用查看源代码和检查元素
问题背景:
How do you disable/ view source/ and /inspect element/, ctrl + u ctrl+shift+I f12 menu bar and right click, also ctrl + s ctrl p ctrl+v ctrl+a ctrl+c and drag select page, please answer all parts that's possible, I prefer to do this with JavaScript array keycodes or html no php or other languages.also I want to block ifram use on my site like somesites such as google. As I understand it is not possible to completely disable view source and inspect element, so I want minification of code and rest of my question answered instead.
你如何禁用查看源代码和检查元素,比如 Ctrl + U、Ctrl + Shift + I、F12、菜单栏和右键点击,以及 Ctrl + S、Ctrl + P、Ctrl + V、Ctrl + A、Ctrl + C 和拖动选择页面?请尽可能回答所有部分,我希望使用 JavaScript 数组键码或 HTML,而不使用 PHP 或其他语言。此外,我想阻止在我的网站上使用 iframe,像一些网站(如谷歌)那样。因为我知道完全禁用查看源代码和检查元素是不可能的,所以我想对代码进行混淆,并回答我的其他问题。
Edit:
I solved alot of it myself, I used onkeydown return false to disable all keys, still need the arrays, I disabled inspect element menu bar by forcing browser to window.open I still need right click, however would like to add that I need a custom right click menu, I disabled the possibility to disable Javascript in order to stop the key block by using noscript function redirects. I also still need the drag and select part. I would still like betterways to fix it...maybe even just minify the code or encrypt it. Of anyone needs some of the code I used just reply. I just need to fix it.
我自己解决了很多问题,使用了 onkeydown return false 来禁用所有按键,但仍然需要数组。我通过强制浏览器使用 window.open 禁用了检查元素的菜单栏,但仍需要右键点击。不过,我想添加一个自定义的右键菜单。我禁用了禁用 JavaScript 的可能性,以阻止按键阻止,通过使用 noscript 函数重定向。我仍然需要拖动和选择部分。我希望找到更好的方法来解决这个问题……也许只是对代码进行混淆或加密。如果有人需要我使用的一些代码,请回复。我只需要修复它。
问题解决:
It is impossible to prevent the user from inspecting code running on their machine. At the end of the day, the HTML they are getting delivered will be readable in plain text. You can cause a nuisance for most people, but this will not be a valid security measure - chrome extensions will still run, for instance, so if someone is using the NoScript extension it will disable all javascript.
阻止用户检查运行在他们机器上的代码是不可能的。归根结底,他们接收到的 HTML 将以纯文本形式可读。你可以对大多数人造成麻烦,但这并不是一个有效的安全措施——例如,Chrome 扩展仍然会运行,因此如果有人使用 NoScript 扩展,它会禁用所有 JavaScript。
A much better option would be to handle your logic server side, and only send the client the information they need to know/requested.
一个更好的选择是将逻辑处理放在服务器端,只向客户端发送他们需要知道/请求的信息。
There are some free javascript obfuscators, such as https://javascriptobfuscator.com/. Please remember that it is not a secure method, though.
有一些免费的 JavaScript 混淆工具,比如 https://javascriptobfuscator.com/。不过,请记住,这并不是一种安全的方法。
