JavaScript Encoder/Obfuscator

The JavaScript Encoder (its official name, ECMAScript Obfuscator) tool obfuscates JavaScript source code to make it difficult to understand or reverse engineer (example). This provides significant protection for source code intellectual property that must be shipped to a customer, as is common when shipping JavaScript-enabled web pages to browsers or when JavaScript is used as a scripting langauge to support other activities (XSLT, etc.). It is a member of SD's family of Source Code Obfuscators.

JavaScript Encoder/Obfuscator Features

  • Protects your source code
  • Zero impact on execution time
  • No changes to the execution environment of the application are needed
  • Replaces names by nonsense names without affecting functionality
    • User definable list of preserved names
    • Predefined list of reserved names from Microsoft and Netscape browser APIs provided
    • Facility to handle variable names embedded in eval'd string literals
  • Reduces web page load time by stripping whitespace and comments, and using short-as-possible variable names
    • User definable comment filtering, to preserve Copyright and public API documentation
  • Option to encrypt string literals (slight performance impact)
  • Handles JavaScript in HTML type files.
    • Handles Microsoft ASP files with server side JavaScript or VBScript. This can obfuscate both client and server-side JavaScript. Server-side VBScript can be protected with our VBScript obfuscator.
    • Handles JavaScript in XML/XSLT.
    • Handles client-side JavaScript in PHP. Server-side PHP can be protected with our PHP obfuscator.
    • Option to neatly format HTML to aid development before obfuscation
  • Option to neatly format ECMAScript (JavaScript) source and indent files according to their nesting level, to aid development before obfuscation.
  • Command line and GUI interfaces

Flash users: Ask about the Flash Obfuscator (ActionScript Obfuscator) beta.

Why the MicroSoft Script Encoder is a poor choice: To protect JavaScript in web pages, one might consider using the MS Script Encoder as an alternative. You can Google for MS Script Encoder, which will show you how to use it. But the MS Script Encoder doesn't provide much protection; the same Google search trivially shows you a link to a tool that can directly decode it. In contrast, comment removal and name scrambling done by our obfuscator can only be undone by hard, programmer-intensive guesswork. Of course, for a bit of added protection, you might apply the MS Script Encoder on top of our JavaScript Obfuscator, giving folks who do know how to decode it a bad surprise.

For more information:    Follow us at Twitter: @SemanticDesigns

ECMAScript (JavaScript) Source
Code Obfuscator