How can we restrict a user from saving the page?

Please provide some tips to disable File->Save and View Source options

EDIT: Obviously it can't be done, and probably shouldn't be attempted. But possibly a more interesting variant on this question is how can we make is sufficiently hard for a user to save a page in a usable format such that it is not worth their while doing so? The question doesn't pose a value, but say we were protecting an article subscription site where the user is paying a few hundred dollars per annum for continued access to text.

Since the page has been sent to the client, there will always be a way to get that information. Trying to stop a user from doing this will only frustrate them.

The only way to have a user not be able to save a file is to not send it to them.

While the best answer is "Don't do this," there are ways to make it more difficult for them. And since the point of this site is actually answer the question even if it's bad, here is the best way:

First you'll need to have the page open in a new window where you turn off the address bar and toolbar and everything else. That will make it so the user can't easily get to the File menu at all. To do this you'll need a "splash" page that the user loads to and then when they click a link, it opens the popup that serves the main content of your page. Details on how to create popups without things like the toolbar are here: http://blazonry.com/javascript/windows.php

Then you'll want to add some javascript to each page that prevents the user from right clicking. Here is one method: http://javascript.about.com/library/blnoright.htm

Finally, if it's your Javascript code that you don't want to be seen, then obfuscating your code is a pretty effective way to do that. They can still see the code if they have much know-how, but the obfuscated code would be a gigantic pain to actually interpret. There are lots of obfuscators out there; here is a free web-based one: http://www.javascriptobfuscator.com/

This is far from foolproof. It will stop all "casual" users, but any power user will probably be able to easily figure out a way around it. Still if the idea is to at least prevent a good majority of it then this should suffice.

Update for updated question: To address your new expanded question, I would say the best way to accomplish what you're saying is to use a format that supports DRM. Adobe Acrobat would probably be the best choice because almost everyone has the reader installed. You can prevent PDF files from being saved to the computer so that they can only be loaded from the webpage by a logged in user. The user could still do a screen capture of the document itself which I don't believe is preventable (unless Adobe Reader has some security in place for this, which they might) but it should be sufficient security for most uses.

Don't do it.

Seriously, if the user can see the page in their browser they can see the source code and/or save it to their computer.

You are fighting a losing battle here.

What about the browser's cache? It can be saved from there.

What about a print screen? That could also save the page.

The only way to prevent a user from saving something is to not show it to them in the first place.

It's really a waste of time and resources to try and do this in html as any method you use can be trivially circumvented.

Instead I would use some other technology to display the data - you can never get around a screen capture. but if you're for instance displaying text and you want to make it hard for the use to save that text for use elsewhere then possible options include

1. PDF - which can disable save and print. There are extensions to most popular web languages that will write a pdf on the fly. Indeed you might be as well just to go down the DRM route with Adobe and embed a document

2. Flash - most probably via Flex which could be used to write a general-purpose app to display text and images. The advantage of Flash is that it's easier to set up links than pdf.

3. Or something else, a custom java applet, or even a vrml plugin and display the text in 3D!

In all cases you could display text against a disruptive background to make OCR more difficult, and images could be watermarked. However nothing is going to stop a determined and resourceful viewer, although you can possibly make it sufficiently hard that it's not worth their time.

The least you can do is... the content is generated dynamically by Javascript. In that way, they cannot simply save it. Of course, in FX, they can still view the generated code and then copy&paste. however, normally people cannot save the page.

It shouldn't be an issue, but if you really don't want a user from seeing your code (javascript, css or html) for some reason, than you could use some obfuscation tool which makes the code less readable.

Try javascript "encoding" and obfuscation.

Something like

if(document.location == 'mydomain.com') {
  content = getAjax('mycontent.xml');
  // content will hold something like 72, 94, 81, 99, ... - encoded ASCII codes
  document.write(String.fromCharCode(content));
}

It will always be possible to save the page, but for non-technical guys it will be harder to make it work. There are 2 protections

• domain name
• converting ASCII

It's only pseudocode, but I think you get the idea.

I'd like to add one more method which, imho, is hard to circumvent: Ctrl+S! (for me, Apple+S)

how can we make is sufficiently hard for a user to save a page in a usable format such that it is not worth their while doing so

Nothing hard: add on every page: "Personal property of John Stealer, company Zetabeta, paid with credit card 756890987654, billing address ..., subscription expires 12/20".

This is an "extended text format" that I just invented... it has an amazing property: though it looks like a regular text, user is much less willing to print it out and give to others...

add these to code sets in script tag

document.addEventListener('contextmenu', function (e) {
                e.preventDefault();
});

document.onkeydown = function (e) {
                return false;
};