Thanks to Google, JavaScript becomes a hot technology again. Mr. Jesse James Garrett coined the technique utilizing JavaScript and XMLHTTPRequest as AJAX. Whatever it is called, I believed that it is the most natural way for both web application developer and web users if the web application have to be an RIA (Rich Internet Application). However, there is an important issue to deal with before it can grow. All JavaScript are basically plain text. What problem?
I believe that the adoption of AJAX will grow only if there are enough number of components avaiable in the market. However, if you can't protect the code, are you willing to spend the time to develop the components? So, the answer is obfuscating the source code.
As I searched on the web, only a few obfuscators are available. All of them are useless for component developer. Imagine that you have written a JavaScript component, say TreeListView (google it if you don't know). You would like to share the scripts but you don't want others to see how it works (avoid other parties from stealing it and selling it). You tried the obfuscator to scramble the code. Then, you found that the names of classes, public variables and the public functions are renamed. Would you pay that obfuscator? Would you release the component you've written without any protection (substitude "you" to "a company")?
To encourage everyone using JavaScript, I decided to write this obfuscator by observing how I wrote the code and then release it to the public.
In case there is a closure that does not end with a semi-colon, ";", a line break will be inserted when "}" is encountered.
Redundant whitespace characters (tab, space, new line) will be removed.
Variable names and function names are replaced only if they are not the member of the class.
this.x, document.write() will not be replaced.
Generally, the name after a dot, ".", will not be replaced.
Variable names and function names will not be replaced if the token
is a member of a class as mentioned at #4
starts with a capital letter (assuming they are classes)
is in the exception list. The exception list can be specified in a file delimiting the tokens with whitespace characters (tab, space), dot ("."), comma (","), double-quote ("""), and single-quote ("'")
If specified, tokens in string literals will be encoded into \uXXXX or \XXX format
If a line is end with a JavaScript delimiter or a double-slash comment, it will merged with the next line to a single line
It does not process regular expression literals
Implications from the obfuscation rules:
Using with should be avoided
If using member of the window object, it is better to explicitly write window.something (e.g. window.setInterval...)
All classes should be started with a capital letter
Using a semi-colon to seperate a statement is encouraged because
var a = "abc"
var b = a
var c = b // foo
var d = c
will be encoded to
var a = "abc"var b = a
var c = bvar d = c
(see rule #7)
The size of the obfuscated script will be smaller if the characters in string literals are not encoded into \uXXXX or \XXX format
The output will be printed to STDOUT if the destination directory is not specified. Also, a mapping of old_variable=>new_variable will be printed to STDERR.
Win32 executable is also available here [ Download ].
However, due to the restriction of the server (it's free anyway), I have to split it into pieces. Please simply download the pieces and run the batch file (generated by JR File Split). It will reconstruct the Win32 executable]]
(thanks to tElock 0.98, it compressed the 8.53MB executable into a 2.43MB one.).
