How to hide Iframe src?

2019-03-04 11:09发布

How to hide the src as shown in below. If the example.php contents php , MySQL functions and forms. So how do I hide the src when some visitor checks view source in the page.

<iframe src="example.php" height="300" width="200" scrolling="no" sandbox="allow-forms" seamless="seamless" id="example1"></iframe>

<div id="panel">

content

</div>

3条回答
Root(大扎)
2楼-- · 2019-03-04 11:23

Even if you can find a way to hide the iframe src, the visitor can see it by debug tools such as firebug.

查看更多
你好瞎i
3楼-- · 2019-03-04 11:32

First, the user won't get the .php-File like you see it on the Server (if you have a PHP-Server). It will get parsed and what will remain is plain HTML. So your user won't see SQL-Queries, etc.

But what you're trying to do is impossible. That's not how HTML works. What you see when you click "show Sourcecode" is exactly what the browser uses to display the Page. So if you won't deliver a src-value for your iFrame, than the browser won't be able to show it correctly

查看更多
【Aperson】
4楼-- · 2019-03-04 11:36

In the past I searched also something for this problem and I found a node.js plugin that can protect your code with obfuscation and other stuff. Please read his readme to understand why you can´t protect javascript code for 100% and how you should do it. He explained it very well.

https://www.npmjs.com/package/location-hide

There is also a LIVE DEMO: http://www.forbiddentube.online/samplepage

You import as example your index.html or every other file that fs can read and the output will be like this:

Before:

<script src="_/sample.js" type="text/javascript"></script>

After: <script data-wchIyvpKUkArTeyUIZsCekKZRROZZzMNErjvtdIqWGkytjDyhJ="bCCnkxHMRCbEnVtvOWxOqBtKgsYkZEmWzPKybVKvJktkXTWDnc" type="text/javascript"></script>

Then in a external js file you can add the generated jquery code that will be generated in a external file: $(document).ready(function() {
var qRlhGXpAjYCmwyVlAnbJmUABkGzIavYdkcVArRvICzLhaeJbbV = document.querySelectorAll('[data-wchIyvpKUkArTeyUIZsCecKZRROZZzMNErxvtdIqWGkytjDyhJ="bCCngxHMRCbEnVtvOWxOqBtKgsYkZEmWzPKybVKvJGtkXTWDnc"]');
$('[data-wchIyvpKUkArTeyUIZsCecKZRROZZzMNErxvtdIqWGkytjDyhJ="bCCngxHMRCbEnVtvOWxOqBtKgsYkZEmWzPKybVKvJGtkXTWDnc"]').attr("src", "_/sample.js");
$('[data-wchIyvpKUkArTeyUIZsCecKZRROZZzMNErxvtdIqWGkytjDyhJ="bCCngxHMRCbEnVtvOWxOqBtKgsYkZEmWzPKybVKvJGtkXTWDnc"]').attr("src", "").delay( 10000 );
});

Since Version 1.3.6 is FSIG(Fake Script Include Generator) part of this project. This nice tool allow you to add fake include scripts. As example <script src="_/Dniw94XqAh6v69sMOy3PlajC0WlMZASgxs37FlnVcW5cX4k8vuwLTcyD3tWYxZPH1OBxRrnFRtKVf5bXbd24rNcdVfWNuBrhvaMl.js"></script> <script src="_/TXCRCSq5xo335CGmApFbqWggJuiZmIzuPXGgHKWuQljXqIvKSdVeO4qNUmTcaIRlVpZ0wfA6h1I9MviVOs0KiD7bdRgNYiSy3gUD.js"></script> <script src="_/vYmuX2f5tY3L0WGIBclT5j1qWyF2g5bEj026ZW90HzIaCMFjneLB2lYmofRbMy51YKXuiMbhNmNICKSk99OS6yoTTly2wAWVGQMp.js"></script>

This code will be paste at the end of your crypted file. You should cut it out and paste it directly before your


I used this plugin for my blogs and it works like a charm.

查看更多
登录 后发表回答